Skip to main content
CVE-2020-7355 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metasploit
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-3965 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow VMware Information Disclosure Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-3963 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption VMware Cloud Foundation +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-7354 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metasploit
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-3964 MEDIUM POC This Month

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure VMware Cloud Foundation Fusion Workstation +1
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-15047 MEDIUM PATCH This Month

MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Trojita
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-9618 MEDIUM PATCH This Month

Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Audition
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2020-9611 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-9610 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Null Pointer Dereference Denial Of Service Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-9609 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2020-9608 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-9603 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9602 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9598 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9595 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9593 MEDIUM This Month

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9666 MEDIUM This Month

Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Campaign Classic
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2020-10994 MEDIUM PATCH This Month

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pillow Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-10378 MEDIUM PATCH This Month

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pillow Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-10177 MEDIUM PATCH This Month

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pillow Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-3971 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware Cloud Foundation Fusion +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5965 MEDIUM This Month

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Buffer Overflow Nvidia Information Disclosure +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4072 MEDIUM PATCH This Month

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Generator Jhipster Kotlin
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-11735 MEDIUM PATCH This Month

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak.". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-9437 MEDIUM This Month

SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secureauth Identity Provider
NVD
CVSS 3.1
4.8
EPSS
1.0%
CVE-2020-5967 MEDIUM This Month

NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Nvidia Quadro Firmware Tesla Firmware +3
NVD
CVSS 3.1
4.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy