Skip to main content
CVE-2020-9853 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-3915 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3898 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25186 HIGH This Week

An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Levistudiou
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-15681 HIGH This Week

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-13327 HIGH This Week

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Gitlab Information Disclosure Runner
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-9924 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-9905 HIGH This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-27665 HIGH PATCH This Week

In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Strapi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-9869 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-9828 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-27155 HIGH PATCH This Week

An issue was discovered in Octopus Deploy through 2020.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-27638 HIGH PATCH This Week

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fastd Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-9994 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-9929 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-9908 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-9779 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-9771 HIGH This Week

This issue was addressed with a new entitlement. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-27672 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-9921 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-9796 HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition RCE Apple Mac Os X
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-9810 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-15682 MEDIUM This Month

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-27646 MEDIUM This Month

Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure File Transfer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-9939 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-27642 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Greenlight
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-27620 MEDIUM This Month

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Skin
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-3996 MEDIUM This Month

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Velero
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-27673 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Leap +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-9997 MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X Watchos
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-9902 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-9772 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3918 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-27666 MEDIUM PATCH This Month

Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Strapi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-27674 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen Fedora Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-15680 MEDIUM This Month

If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-9787 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27675 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel Fedora +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-15270 MEDIUM PATCH This Month

Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Node.js Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-9935 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-9986 LOW Monitor

A file access issue existed with certain home folder files. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2020-27560 LOW PATCH Monitor

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Leap
NVD GitHub
CVSS 3.1
3.3
EPSS
1.5%
CVE-2020-7020 LOW PATCH Monitor

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
3.1
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy