Skip to main content
CVE-2020-12431 MEDIUM POC This Month

A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Software Updater Streamer
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2020-6485 MEDIUM POC This Month

Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-6483 MEDIUM POC This Month

Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-6482 MEDIUM POC This Month

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-6480 MEDIUM POC This Month

Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-6476 MEDIUM POC This Month

Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-6475 MEDIUM POC This Month

Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-6473 MEDIUM POC This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Backports Sle +2
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-6472 MEDIUM POC This Month

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Backports Sle +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-1106 MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.1
EPSS
3.1%
CVE-2020-13258 MEDIUM POC PATCH This Month

Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Python Example
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2020-6489 MEDIUM POC This Month

Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6488 MEDIUM POC This Month

Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-1173 MEDIUM PATCH This Month

A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Power Bi Report Server
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2020-1071 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2020-1179 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
6.3%
CVE-2020-1103 MEDIUM PATCH This Month

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-0963 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.5%
CVE-2020-9069 MEDIUM This Month

There is an information leakage vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Anne Al00 Firmware Berkeley L09 Firmware Cd16 10 Firmware +15
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-9045 MEDIUM PATCH This Month

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Victor Video Management System C Cure 9000 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-6491 MEDIUM This Month

Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6487 MEDIUM This Month

Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6486 MEDIUM This Month

Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-6484 MEDIUM This Month

Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6481 MEDIUM This Month

Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6479 MEDIUM This Month

Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6478 MEDIUM This Month

Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6460 MEDIUM This Month

Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-1055 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-7655 MEDIUM PATCH This Month

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netius
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6470 MEDIUM PATCH This Month

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Chrome Fedora Backports Sle +2
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-1195 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
5.9
EPSS
2.5%
CVE-2020-1145 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2020-1141 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2020-1123 MEDIUM PATCH This Month

A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-1116 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1084 MEDIUM PATCH This Month

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-1076 MEDIUM PATCH This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-1075 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-1072 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1107 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-1105 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1104 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1101 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1100 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1099 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1063 MEDIUM PATCH This Month

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-1059 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Microsoft Open Redirect Edge
NVD
CVSS 3.1
4.3
EPSS
2.0%
CVE-2020-6490 MEDIUM This Month

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy