Skip to main content
CVE-2020-3613 HIGH This Week

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Sm8150 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-14969 HIGH PATCH This Week

app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-4031 HIGH PATCH This Week

In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Freerdp Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10740 HIGH PATCH This Week

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wildfly
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-4066 HIGH PATCH This Week

In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Limdu
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-4033 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-4030 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-11099 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Fedora +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-11098 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-11096 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-14981 MEDIUM This Month

The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Apple Password Vault
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-14980 MEDIUM This Month

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Sophos Information Disclosure Sophos Secure Email
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-7262 MEDIUM This Month

Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-11097 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-11095 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1727 MEDIUM This Month

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-9288 MEDIUM This Month

An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortiwlc
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4070 MEDIUM PATCH This Month

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Css Validator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13888 MEDIUM This Month

Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Kordil Edms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14961 MEDIUM PATCH This Month

Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-4060 MEDIUM This Month

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Denial Of Service Memory Corruption Lora Basics Station
NVD GitHub
CVSS 3.1
5.0
EPSS
0.9%
CVE-2020-4032 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Freerdp Fedora Leap Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy