Skip to main content
CVE-2020-10624 HIGH This Week

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Controledge Plc Firmware Controledge Rtu Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15336 HIGH This Week

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15335 HIGH This Week

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-9588 HIGH PATCH This Week

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2020-4089 MEDIUM This Month

HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Notes
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-3798 MEDIUM This Month

Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Digital Editions
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2020-3796 MEDIUM This Month

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coldfusion
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2020-3767 MEDIUM This Month

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coldfusion
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2020-10753 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Red Hat Ceph Storage Openstack Fedora +3
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-9581 MEDIUM PATCH This Month

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-9577 MEDIUM PATCH This Month

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-15017 MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15016 MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-4565 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-10727 MEDIUM PATCH This Month

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Artemis Oncommand Workflow Automation
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-9557 MEDIUM PATCH This Month

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Bridge
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2020-3809 MEDIUM PATCH This Month

Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure After Effects
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-9629 MEDIUM PATCH This Month

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9624 MEDIUM PATCH This Month

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9622 MEDIUM PATCH This Month

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9617 MEDIUM This Month

Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Premiere Rush
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9616 MEDIUM This Month

Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Premiere Pro
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2020-15306 MEDIUM PATCH This Month

An issue was discovered in OpenEXR before v2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Openexr Fedora Leap +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15305 MEDIUM This Month

An issue was discovered in OpenEXR before 2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Openexr Fedora +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-15304 MEDIUM This Month

An issue was discovered in OpenEXR before 2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openexr Fedora Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-9584 MEDIUM PATCH This Month

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-4223 MEDIUM This Month

IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14477 MEDIUM This Month

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clearvue 850 Firmware Clearvue 350 Firmware Cx50 Firmware Affiniti 70 Firmware +4
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-9558 LOW PATCH Monitor

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Bridge
NVD
CVSS 3.1
3.3
EPSS
2.0%
CVE-2020-9553 LOW PATCH Monitor

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Bridge
NVD
CVSS 3.1
3.3
EPSS
2.1%
CVE-2020-9626 LOW PATCH Monitor

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
3.3
EPSS
2.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy