Skip to main content
CVE-2020-6097 HIGH POC This Week

An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Atftp Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-24739 MEDIUM POC This Month

A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Icms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-11998 CRITICAL PATCH Act Now

A regression has been introduced in the commit preventing JMX re-bind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java RCE Oracle Activemq +6
NVD
CVSS 3.1
9.8
EPSS
51.2%
CVE-2020-8758 CRITICAL Act Now

Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Standard Manageability Active Management Technology Firmware Steelstore Cloud Integrated Storage
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-5780 MEDIUM POC This Month

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Email Subscribers Newsletters
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-9732 CRITICAL PATCH Act Now

The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Experience Manager Experience Manager Forms
NVD
CVSS 3.1
9.0
EPSS
2.8%
CVE-2020-9731 HIGH This Week

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
11.3%
CVE-2020-9730 HIGH This Week

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-9729 HIGH This Week

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-9728 HIGH This Week

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-9727 HIGH This Week

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2020-9725 HIGH PATCH This Week

Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-25221 HIGH PATCH This Week

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel Cloud Backup Solidfire Enterprise Sds Hci Storage Node +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-7314 HIGH This Week

Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Mcafee Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7312 HIGH This Week

DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Mcafee Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-25220 HIGH PATCH This Week

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9733 HIGH PATCH This Week

An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Information Disclosure Experience Manager Experience Manager Forms
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-17408 HIGH PATCH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Expresscluster X
NVD
CVSS 3.1
7.5
EPSS
74.0%
CVE-2020-14198 HIGH PATCH This Week

Bitcoin Core 0.20.0 allows remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-24552 HIGH This Week

Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Se5901 Firmware Se5901B Firmware Se5904D Firmware Se5908 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-15170 HIGH PATCH This Week

apollo-adminservice before version 1.7.1 does not implement access controls. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apollo
NVD GitHub
CVSS 3.1
7.0
EPSS
1.3%
CVE-2020-7311 HIGH This Week

Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Microsoft Mcafee Agent
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-7315 MEDIUM This Month

DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Mcafee Agent
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-15171 MEDIUM PATCH This Month

In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
6.6
EPSS
1.3%
CVE-2020-9726 MEDIUM PATCH This Month

Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Framemaker
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2020-9743 MEDIUM This Month

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Experience Manager
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-24582 MEDIUM This Month

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Desktop
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13920 MEDIUM PATCH This Month

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Authentication Bypass Activemq Communications Diameter Signaling Router Flexcube Private Banking +1
NVD
CVSS 3.1
5.9
EPSS
4.6%
CVE-2020-15024 MEDIUM This Month

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Microsoft Information Disclosure Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9742 MEDIUM This Month

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.8%
CVE-2020-9741 MEDIUM This Month

The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-9740 MEDIUM This Month

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-9734 MEDIUM This Month

The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-4578 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-15168 MEDIUM PATCH This Month

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node Fetch
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-24655 MEDIUM This Month

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Google Race Condition Authentication Bypass Authy 2 Factor Authentication
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2020-9738 MEDIUM This Month

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-9737 MEDIUM This Month

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-9736 MEDIUM This Month

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
1.8%
CVE-2020-9735 MEDIUM This Month

AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
1.8%
CVE-2020-10773 MEDIUM PATCH This Month

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy