Skip to main content
CVE-2020-9856 MEDIUM POC This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mac Os X
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-9801 MEDIUM POC This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Safari
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-13973 MEDIUM POC PATCH This Month

OWASP json-sanitizer before 1.2.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Json Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-13965 MEDIUM POC KEV PATCH THREAT This Month

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webmail Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
76.6%
CVE-2020-13911 MEDIUM POC This Month

Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Your Online Shop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-13977 MEDIUM POC This Month

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nagios Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
2.7%
CVE-2020-13980 MEDIUM POC This Month

OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencart
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-8336 MEDIUM This Month

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Intel Information Disclosure Thinkpad E14 Firmware Thinkpad E15 Firmware +36
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-8334 MEDIUM This Month

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Thinkpad T495S Firmware Thinkpad X395 Firmware Thinkpad T495 Firmware +4
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-8320 MEDIUM This Month

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Thinkpad 11E Yoga Gen 6 Firmware Thinkpad 11E Firmware Thinkpad Yoga 11E 3Rd Gen Firmware Thinkpad Yoga 11E 4Th Gen Firmware +96
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-7456 MEDIUM PATCH This Month

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Freebsd Clustered Data Ontap
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-8337 MEDIUM This Month

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Smart Audio Uwp
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8323 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware 330 15Ast Firmware 330 17Ast Firmware +169
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8322 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware 330 15Ast Firmware 330 17Ast Firmware +48
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8321 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 130 14Ast Firmware 130 14Ikb Firmware 130 15Ast Firmware +169
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-1310 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-1258 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-1253 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-1251 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-1348 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.2%
CVE-2020-1329 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Authentication Bypass Bing
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-1322 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure 365 Apps Office +1
NVD
CVSS 3.1
6.5
EPSS
5.5%
CVE-2020-1284 MEDIUM PATCH This Month

A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.1
6.5
EPSS
6.9%
CVE-2020-1283 MEDIUM PATCH This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
8.8%
CVE-2020-1232 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
5.9%
CVE-2020-9829 MEDIUM This Month

A validation issue was addressed with improved input sanitization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-3882 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-1327 MEDIUM PATCH This Month

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-1323 MEDIUM PATCH This Month

An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Open Redirect Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-1220 MEDIUM PATCH This Month

A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Google Microsoft Open Redirect Edge
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-13964 MEDIUM PATCH This Month

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-1343 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Visual Studio Live Share
NVD
CVSS 3.1
5.9
EPSS
2.8%
CVE-2020-1296 MEDIUM PATCH This Month

A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka 'Windows Diagnostics & feedback Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-1290 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1268 MEDIUM PATCH This Month

An information disclosure vulnerability exists when a Windows service improperly handles objects in memory, aka 'Windows Service Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1263 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1261 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1194 MEDIUM PATCH This Month

A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-1160 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2020-1120 MEDIUM PATCH This Month

A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Windows 10
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-9851 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-9833 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9832 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-9831 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-9812 MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-9811 MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-9809 MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-9797 MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-1340 MEDIUM PATCH This Month

A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nugetgallery
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1331 MEDIUM PATCH This Month

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass System Center Operations Manager
NVD
CVSS 3.1
5.4
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy