Skip to main content
CVE-2020-0953 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2020-0944 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-0940 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0938 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Adobe Memory Corruption RCE +17
NVD
CVSS 3.1
7.8
EPSS
69.2%
CVE-2020-0934 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-0919 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows App
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-0913 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0907 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2020-0889 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2020-0888 HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0835 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0784 HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-2929 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-2927 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Rated high severity (CVSS 7.8). No vendor patch available.

Oracle Information Disclosure Solaris
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10699 HIGH PATCH This Week

A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Targetcli Fb
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7250 HIGH This Week

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7274 HIGH This Week

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7259 HIGH This Week

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-2802 HIGH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Graalvm
NVD
CVSS 3.1
7.7
EPSS
1.3%
CVE-2020-9280 HIGH PATCH This Week

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Silverstripe
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-3273 HIGH This Week

A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service 5508 Wireless Controller Firmware 5520 Wireless Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-3262 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 5508 Wireless Controller Firmware 5520 Wireless Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3249 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
7.5
EPSS
23.1%
CVE-2020-3177 HIGH This Week

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Unified Communications Manager Unified Contact Center Express
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-3162 HIGH This Week

A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-11662 HIGH This Week

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ca Api Developer Portal
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-10615 HIGH This Week

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Scada Data Gateway
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-10613 HIGH This Week

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Scada Data Gateway
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-11792 HIGH This Week

NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8900 Firmware R9000 Firmware Rax120 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-11728 HIGH This Week

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Andrew S Web Libraries Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-1018 HIGH PATCH This Week

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Dynamics 365 Business Central Dynamics Nav
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2020-0970 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Chakracore Edge
NVD
CVSS 3.1
7.5
EPSS
13.3%
CVE-2020-0969 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.1
7.5
EPSS
13.3%
CVE-2020-0968 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
30.0%
CVE-2020-0895 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
7.7%
CVE-2020-2958 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2911 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-2907 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-2859 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-2828 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-2816 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +17
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-2750 HIGH This Week

Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass General Ledger
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-3932 HIGH This Week

A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vigorap 910C Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10506 HIGH This Week

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal The School Manage System
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-2739 HIGH This Week

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2020-3240 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
7.3
EPSS
38.7%
CVE-2020-2787 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-2786 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-2785 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-2784 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.2%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy