Skip to main content
CVE-2020-1074 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
53.4%
CVE-2020-1053 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1052 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1039 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2020-1030 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-16881 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2020-16874 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2020-16856 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2020-0998 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-0997 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10 +2
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2020-0911 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-0886 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-0870 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-0839 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0838 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2008 +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-0790 HIGH PATCH This Week

<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0782 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-0766 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0648 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-24164 HIGH PATCH This Week

A deserialization flaw is present in Taoensso Nippy before 2.14.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Nippy
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-1593 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.6
EPSS
2.8%
CVE-2020-1508 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.6
EPSS
3.3%
CVE-2020-16872 HIGH PATCH This Week

<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
7.6
EPSS
1.8%
CVE-2020-25281 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-1228 HIGH PATCH This Week

<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-1045 HIGH PATCH This Week

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Asp Net Core Fedora Enterprise Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2020-1031 HIGH PATCH This Week

<p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p> <p>To exploit the vulnerability, an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-1013 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2020-0908 HIGH PATCH This Week

<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Google RCE Microsoft Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-0836 HIGH PATCH This Week

<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-15166 HIGH PATCH This Week

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Libzmq Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-25255 HIGH This Week

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Onbase
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-25250 HIGH This Week

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onbase
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-25248 HIGH This Week

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Onbase
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-25247 HIGH This Week

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Onbase
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-1345 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
2.7%
CVE-2020-1198 HIGH PATCH This Week

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
2.7%
CVE-2020-1471 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2020-1319 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.3
EPSS
4.7%
CVE-2020-25276 HIGH This Week

An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-16862 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

RCE Microsoft Dynamics 365
NVD
CVSS 3.1
7.1
EPSS
3.4%
CVE-2020-16857 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

RCE Microsoft Dynamics 365 For Finance And Operations
NVD
CVSS 3.1
7.1
EPSS
2.5%
CVE-2020-16853 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Onedrive
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-16852 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Onedrive
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-16851 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Onedrive
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-1308 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.0).

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2020-1245 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-0912 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-25280 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Mediatek Information Disclosure Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-1034 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
6.8
EPSS
4.3%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy