Skip to main content
CVE-2020-1359 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-1357 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-1356 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-1355 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-1354 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-1353 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-1352 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-1349 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Outlook
NVD
CVSS 3.1
7.8
EPSS
22.5%
CVE-2020-1347 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-1346 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-1344 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-1336 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1249 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-1085 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-11827 HIGH This Week

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Galaxy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-1469 HIGH PATCH This Week

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Denial Of Service Bond
NVD
CVSS 3.1
7.5
EPSS
4.8%
CVE-2020-1403 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
10.5%
CVE-2020-1374 HIGH PATCH This Week

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2020-5374 HIGH This Week

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Dell Information Disclosure Emc Omimssc For Sccm Emc Omimssc For Scvmm
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5373 HIGH This Week

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Microsoft Authentication Bypass Emc Omimssc For Sccm Emc Omimssc For Scvmm
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15074 HIGH This Week

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvpn Access Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-13847 HIGH This Week

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-13846 HIGH PATCH This Week

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13845 HIGH PATCH This Week

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-13934 HIGH PATCH This Week

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Apache Denial Of Service Tomcat Debian Linux Oncommand System Manager +11
NVD
CVSS 3.1
7.5
EPSS
64.1%
CVE-2020-7584 HIGH This Week

A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic S7 200 Smart Sr Cpu Firmware Simatic S7 200 Smart St Cpu Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-10044 HIGH This Week

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10037 HIGH This Week

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4512 HIGH PATCH This Week

IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-1461 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-1405 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-1364 HIGH PATCH This Week

A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-1398 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2020-15720 MEDIUM PATCH This Month

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Dogtagpki
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-1333 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege. Rated medium severity (CVSS 6.7).

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-7581 MEDIUM This Month

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opcenter Execution Discrete Opcenter Execution Foundation Opcenter Execution Process +8
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-1468 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.2%
CVE-2020-1433 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.5
EPSS
5.3%
CVE-2020-1397 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
6.4%
CVE-2020-5246 MEDIUM PATCH This Month

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection LDAP Traccar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-7592 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Basic Panels 1St Generation Simatic Hmi Basic Panels 2Nd Generation Simatic Wincc Runtime Advanced Simatic Hmi Comfort Panels Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-6285 MEDIUM This Month

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4511 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6290 MEDIUM This Month

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Session Fixation Information Disclosure Disclosure Management
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2020-1442 MEDIUM PATCH This Month

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Office Online Server Office Web Apps
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-15721 MEDIUM PATCH This Month

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Rosariosis
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-10043 MEDIUM This Month

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-10041 MEDIUM This Month

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6281 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6276 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy