Skip to main content
CVE-2020-7274 HIGH This Week

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7259 HIGH This Week

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-2802 HIGH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Graalvm
NVD
CVSS 3.1
7.7
EPSS
1.3%
CVE-2020-9280 HIGH PATCH This Week

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Silverstripe
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-3273 HIGH This Week

A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service 5508 Wireless Controller Firmware 5520 Wireless Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-3262 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 5508 Wireless Controller Firmware 5520 Wireless Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3249 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
7.5
EPSS
23.1%
CVE-2020-3177 HIGH This Week

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Unified Communications Manager Unified Contact Center Express
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-3162 HIGH This Week

A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-11662 HIGH This Week

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ca Api Developer Portal
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-10615 HIGH This Week

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Scada Data Gateway
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-10613 HIGH This Week

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Scada Data Gateway
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-11792 HIGH This Week

NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8900 Firmware R9000 Firmware Rax120 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-11728 HIGH This Week

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Andrew S Web Libraries Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-1018 HIGH PATCH This Week

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Dynamics 365 Business Central Dynamics Nav
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2020-0970 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Chakracore Edge
NVD
CVSS 3.1
7.5
EPSS
13.3%
CVE-2020-0969 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.1
7.5
EPSS
13.3%
CVE-2020-0968 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
30.0%
CVE-2020-0895 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
7.7%
CVE-2020-2958 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2911 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-2907 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-2859 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-2828 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-2816 HIGH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre +17
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-2750 HIGH This Week

Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass General Ledger
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-3932 HIGH This Week

A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vigorap 910C Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10506 HIGH This Week

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal The School Manage System
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-2739 HIGH This Week

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2020-3240 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
7.3
EPSS
38.7%
CVE-2020-2787 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-2786 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-2785 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-2784 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2020-5350 HIGH This Week

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-2963 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-2798 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
7.2
EPSS
8.0%
CVE-2020-1002 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-0942 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-0936 HIGH PATCH This Week

An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-2964 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Data Foundation
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2945 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Deposit Insurance Calculations For Liquidity Risk Management
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2020-2943 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Liquidity Risk Measurement And Management
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2942 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Price Creation And Discovery
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2941 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Funds Transfer Pricing
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2940 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Profitability Management
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2939 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Asset Liability Management
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2938 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Loan Loss Forecasting And Provisioning
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2937 HIGH PATCH This Week

Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Insurance Accounting Analyzer
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2936 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: User Interface). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Balance Sheet Planning
NVD
CVSS 3.1
7.1
EPSS
1.1%
Prev Page 5 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy