Skip to main content
CVE-2020-9768 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Apple RCE Use After Free +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3919 HIGH This Week

A memory initialization issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3913 HIGH This Week

A permissions issue existed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-3906 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-3905 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3904 HIGH This Week

Multiple memory corruption issues were addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3903 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3893 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-3892 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-5548 HIGH This Week

Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rtx830 Firmware Nvr510 Firmware Nvr700W Firmware Rtx1210 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11470 LOW POC Monitor

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Meetings
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-10204 HIGH PATCH This Week

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Nexus
NVD
CVSS 3.1
7.2
EPSS
24.3%
CVE-2020-3912 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-3908 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-3907 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-7263 MEDIUM This Month

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-8145 MEDIUM This Month

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti Microsoft Information Disclosure Unifi Video
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-1958 MEDIUM PATCH This Month

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Druid
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2020-9770 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-8966 MEDIUM PATCH This Month

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10598 MEDIUM This Month

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pyxis Medstation Es Firmware Pyxis Anesthesia Station Es Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-1949 MEDIUM This Month

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sling Cms
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-3902 MEDIUM This Month

An input validation issue was addressed with improved input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +4
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-3884 MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Mac Os X
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-6753 MEDIUM This Month

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Login By Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-5392 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-3917 MEDIUM This Month

This issue was addressed with a new entitlement. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3914 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-3889 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3881 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-1954 MEDIUM PATCH This Month

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Apache Information Disclosure Cxf Communications Diameter Signaling Router Communications Element Manager +7
NVD
CVSS 3.1
5.3
EPSS
6.1%
CVE-2020-1934 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Apache Information Disclosure Http Server Fedora Debian Linux +8
NVD
CVSS 3.1
5.3
EPSS
52.0%
CVE-2020-9781 MEDIUM This Month

The issue was addressed by clearing website permission prompts after navigation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-9777 MEDIUM This Month

An issue existed in the selection of video file by Mail. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-9775 MEDIUM This Month

An issue existed in the handling of tabs displaying picture in picture video. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-3916 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Watchos
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-3890 MEDIUM This Month

The issue was addressed with improved deletion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-11445 MEDIUM This Month

TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link Nc450 Firmware Nc260 Firmware Nc250 Firmware +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-10203 MEDIUM PATCH This Month

Sonatype Nexus Repository before 3.21.2 allows XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nexus
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2018-11802 MEDIUM PATCH This Month

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Solr
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2020-9784 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-3888 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-3887 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-3885 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +4
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-9780 LOW Monitor

The issue was resolved by clearing application previews when content is deleted. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-9776 LOW Monitor

This issue was addressed with a new entitlement. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
3.3
EPSS
0.6%
CVE-2020-9773 LOW Monitor

The issue was addressed with improved handling of icon caches. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
3.3
EPSS
0.6%
CVE-2020-3894 LOW Monitor

A race condition was addressed with additional validation. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Microsoft Apple Icloud +5
NVD
CVSS 3.1
3.1
EPSS
1.1%
CVE-2020-3891 LOW Monitor

A logic issue was addressed with improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os Watchos
NVD
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy