Skip to main content
CVE-2020-1669 MEDIUM This Month

The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. Rated medium severity (CVSS 6.3). No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-16910 MEDIUM PATCH This Month

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.2
EPSS
2.8%
CVE-2020-9925 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-15157 MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Docker Information Disclosure Containerd Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-24408 MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-16270 MEDIUM This Month

OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Olimpok
NVD GitHub
CVSS 3.1
6.1
EPSS
13.1%
CVE-2020-26584 MEDIUM This Month

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sage Dpw
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-26583 MEDIUM This Month

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sage Dpw
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-27163 MEDIUM PATCH This Month

phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Phpredisadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9909 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +3
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2020-1685 MEDIUM This Month

When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-16938 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16921 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-16919 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-16914 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Microsoft Information Disclosure Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-16897 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-16889 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-27194 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.8.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-1682 MEDIUM This Month

An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9976 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-9968 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-9964 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-9913 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9885 MEDIUM This Month

An issue existed in the handling of iMessage tapbacks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-24352 MEDIUM This Month

An issue was discovered in QEMU through 5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-16978 MEDIUM PATCH This Month

<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-16956 MEDIUM PATCH This Month

<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-16922 MEDIUM PATCH This Month

<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Microsoft Authentication Bypass Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-16904 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Azure Functions
NVD
CVSS 3.1
5.3
EPSS
3.4%
CVE-2020-16886 MEDIUM PATCH This Month

<p>A security feature bypass vulnerability exists in the PowerShellGet V2 module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

RCE Microsoft Powershellget
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-1680 MEDIUM This Month

On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-1665 MEDIUM This Month

On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-1661 MEDIUM This Month

On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-9916 MEDIUM This Month

A URL Unicode encoding issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-16950 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
5.0
EPSS
4.2%
CVE-2020-16901 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.0
EPSS
1.5%
CVE-2020-16949 MEDIUM PATCH This Month

<p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. Rated medium severity (CVSS 4.7). This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +8
NVD
CVSS 3.1
4.7
EPSS
3.0%
CVE-2020-16937 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. Rated medium severity (CVSS 4.7).

Information Disclosure Net Framework
NVD
CVSS 3.1
4.7
EPSS
3.3%
CVE-2020-9894 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Apple RCE Information Disclosure +7
NVD
CVSS 3.1
4.3
EPSS
2.7%
CVE-2020-16942 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. Rated medium severity (CVSS 4.1).

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.1
EPSS
0.9%
CVE-2020-16941 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. Rated medium severity (CVSS 4.1).

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.1
EPSS
0.9%
CVE-2020-9933 LOW Monitor

An authorization issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
3.3
EPSS
0.8%
CVE-2020-9912 LOW Monitor

A logic issue was addressed with improved restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Safari
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-9959 LOW Monitor

A lock screen issue allowed access to messages on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy