Skip to main content
CVE-2020-16860 MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Microsoft Dynamics 365
NVD
CVSS 3.1
6.8
EPSS
2.7%
CVE-2020-16212 MEDIUM This Month

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-0951 MEDIUM PATCH This Month

<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Microsoft Powershell Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
6.7
EPSS
7.0%
CVE-2020-1590 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2020-1159 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2020-1146 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2020-1130 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Information Disclosure Visual Studio Visual Studio 2017 Visual Studio 2019 Windows 10 +2
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2020-1097 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2020-1091 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
4.5%
CVE-2020-0904 MEDIUM PATCH This Month

<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-0890 MEDIUM PATCH This Month

<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2020-0856 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2020-0664 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2020-16224 MEDIUM This Month

In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-16216 MEDIUM This Month

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix Performancebridge Focal Point Intellivue Mp2 Mp90 Firmware Intellivue Mx100 Firmware +9
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-25269 MEDIUM PATCH This Month

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Inspircd Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-16228 MEDIUM This Month

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Patient Information Center Ix Performancebridge Focal Point Intellivue Mp2 Mp90 Firmware Intellivue Mx100 Firmware +9
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-1482 MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
2.0%
CVE-2020-1440 MEDIUM PATCH This Month

<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2020-1598 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-1506 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Internet Explorer
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-15169 MEDIUM PATCH This Month

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Action View Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2020-15802 MEDIUM This Month

Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Bluetooth Core Specification
NVD
CVSS 3.1
5.9
EPSS
7.1%
CVE-2020-1152 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. Rated medium severity (CVSS 5.8).

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.8
EPSS
0.6%
CVE-2020-14332 MEDIUM PATCH This Month

A flaw was found in the Ansible Engine when using module_args. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-1303 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
4.3%
CVE-2020-1256 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
4.6%
CVE-2020-1250 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1224 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +3
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2020-1133 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Visual Studio Visual Studio 2017 Visual Studio 2019 Windows 10 +2
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-1122 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-1119 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1083 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1038 MEDIUM PATCH This Month

<p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-16879 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-16855 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure Office
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2020-16854 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-0989 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Microsoft Authentication Bypass Information Disclosure Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-0941 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-0928 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-0921 MEDIUM PATCH This Month

Microsoft Graphics Component Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-0914 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-0875 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

RCE Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2020-9239 MEDIUM This Month

Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Bla A09 Firmware Bla Tl00B Firmware Berkeley L09 Firmware +10
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1596 MEDIUM PATCH This Month

<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. Rated medium severity (CVSS 5.4).

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-1575 MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Foundation
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1514 MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1227 MEDIUM PATCH This Month

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-16878 MEDIUM PATCH This Month

<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-16871 MEDIUM PATCH This Month

<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.6%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy