Skip to main content
CVE-2020-9934 MEDIUM POC KEV THREAT This Month

An issue existed in the handling of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.5
EPSS
3.2%
CVE-2020-26672 MEDIUM POC This Month

Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Testimonial Rotator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-16905 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-9946 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Watchos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-1666 MEDIUM This Month

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2020-16953 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2020-16948 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2020-16943 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-1689 MEDIUM This Month

On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1688 MEDIUM This Month

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-1687 MEDIUM This Month

On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1681 MEDIUM This Month

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1678 MEDIUM This Month

On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-1670 MEDIUM This Month

On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1668 MEDIUM This Month

On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26183 MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-26182 MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-9915 MEDIUM This Month

An access issue existed in Content Security Policy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-14299 MEDIUM This Month

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Openshift Application Runtimes Single Sign On
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-1669 MEDIUM This Month

The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. Rated medium severity (CVSS 6.3). No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-16910 MEDIUM PATCH This Month

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.2
EPSS
2.8%
CVE-2020-9925 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-15157 MEDIUM PATCH This Month

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Docker Information Disclosure Containerd Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-24408 MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-16270 MEDIUM This Month

OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Olimpok
NVD GitHub
CVSS 3.1
6.1
EPSS
13.1%
CVE-2020-26584 MEDIUM This Month

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sage Dpw
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-26583 MEDIUM This Month

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sage Dpw
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-27163 MEDIUM PATCH This Month

phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Phpredisadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9909 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +3
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2020-1685 MEDIUM This Month

When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-16938 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16921 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-16919 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-16914 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Microsoft Information Disclosure Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-16897 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-16889 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-27194 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.8.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-1682 MEDIUM This Month

An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9976 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-9968 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-9964 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-9913 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9885 MEDIUM This Month

An issue existed in the handling of iMessage tapbacks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-24352 MEDIUM This Month

An issue was discovered in QEMU through 5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-16978 MEDIUM PATCH This Month

<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-16956 MEDIUM PATCH This Month

<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-16922 MEDIUM PATCH This Month

<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Jwt Attack Microsoft Authentication Bypass Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-16904 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Azure Functions
NVD
CVSS 3.1
5.3
EPSS
3.4%
CVE-2020-16886 MEDIUM PATCH This Month

<p>A security feature bypass vulnerability exists in the PowerShellGet V2 module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

RCE Microsoft Powershellget
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-1680 MEDIUM This Month

On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy