Skip to main content
CVE-2020-14955 MEDIUM POC This Month

In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jiangmin Antivirus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10769 MEDIUM POC This Month

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Enterprise Linux Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-4089 MEDIUM This Month

HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Notes
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-3798 MEDIUM This Month

Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Digital Editions
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2020-3796 MEDIUM This Month

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coldfusion
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2020-3767 MEDIUM This Month

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coldfusion
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2020-10753 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Red Hat Ceph Storage Openstack Fedora +3
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-9581 MEDIUM PATCH This Month

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-9577 MEDIUM PATCH This Month

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-15017 MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15016 MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-4565 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-10727 MEDIUM PATCH This Month

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Artemis Oncommand Workflow Automation
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-9557 MEDIUM PATCH This Month

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Bridge
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2020-3809 MEDIUM PATCH This Month

Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure After Effects
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-9629 MEDIUM PATCH This Month

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9624 MEDIUM PATCH This Month

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9622 MEDIUM PATCH This Month

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Digital Negative Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9617 MEDIUM This Month

Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Premiere Rush
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-9616 MEDIUM This Month

Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Premiere Pro
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2020-15306 MEDIUM PATCH This Month

An issue was discovered in OpenEXR before v2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Openexr Fedora Leap +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15305 MEDIUM This Month

An issue was discovered in OpenEXR before 2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Openexr Fedora +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-15304 MEDIUM This Month

An issue was discovered in OpenEXR before 2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openexr Fedora Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-9584 MEDIUM PATCH This Month

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Magento
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-4223 MEDIUM This Month

IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14477 MEDIUM This Month

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clearvue 850 Firmware Clearvue 350 Firmware Cx50 Firmware Affiniti 70 Firmware +4
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy