Skip to main content
CVE-2020-1478 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-1475 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-1474 HIGH PATCH This Week

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-1470 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-1466 HIGH PATCH This Week

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2020-1377 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-1339 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2020-1046 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Net Framework
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2020-0604 HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-13933 HIGH PATCH This Week

Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Shiro Debian Linux
NVD
CVSS 3.1
7.5
EPSS
48.0%
CVE-2020-1597 HIGH PATCH This Week

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Asp Net Core Visual Studio 2017 Visual Studio 2019 Fedora
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2020-1570 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
8.8%
CVE-2020-1568 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Edge
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-1565 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-1459 HIGH PATCH This Week

An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-1378 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-3411 HIGH This Week

A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Center
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8210 HIGH This Week

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-1571 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

RCE Privilege Escalation Microsoft Windows 10
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2020-1557 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.3
EPSS
3.9%
CVE-2020-1182 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Dynamics 365 For Finance And Operations
NVD
CVSS 3.1
7.3
EPSS
2.8%
CVE-2020-1488 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-1477 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. Rated high severity (CVSS 7.0). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.0
EPSS
2.5%
CVE-2020-1473 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.0).

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
2.8%
CVE-2020-9241 HIGH This Week

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure E6878 370 Firmware
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-9237 MEDIUM This Month

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Huawei Use After Free Memory Corruption Information Disclosure Taurus Al00B Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-12480 MEDIUM PATCH This Month

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Play Framework
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-3447 MEDIUM This Month

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Content Security Management Appliance Email Security Appliance
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-8232 MEDIUM PATCH This Month

An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Edgeswitch Firmware
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-13183 MEDIUM This Month

Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pcoip Management Console
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-3463 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Online
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3346 MEDIUM This Month

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-8208 MEDIUM This Month

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Xenmobile Server
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-3448 MEDIUM This Month

A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cyber Vision Center
NVD
CVSS 3.1
5.8
EPSS
1.1%
CVE-2020-8226 MEDIUM PATCH This Month

A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Phpbb
NVD
CVSS 3.1
5.8
EPSS
1.0%
CVE-2020-1574 MEDIUM PATCH This Month

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Microsoft Buffer Overflow RCE Windows 10
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-1573 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Designer Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-1510 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Windows 10
NVD
CVSS 3.1
5.5
EPSS
4.8%
CVE-2020-1505 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-1503 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +4
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1502 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +1
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1497 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1493 MEDIUM PATCH This Month

An information disclosure vulnerability exists when attaching files to Outlook messages. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Outlook
NVD
CVSS 3.1
5.5
EPSS
7.3%
CVE-2020-1485 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1476 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Net Framework
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1417 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-1383 MEDIUM PATCH This Month

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1379 MEDIUM PATCH This Month

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
3.3%
CVE-2020-3435 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3434 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Microsoft Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.5%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy