Skip to main content
CVE-2020-16970 HIGH POC PATCH This Week

Azure Sphere Unsigned Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. Public exploit code available.

RCE Microsoft Azure Sphere
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-27523 HIGH POC This Week

Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Solstice Pod Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-16992 HIGH POC PATCH This Week

Azure Sphere Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5). Public exploit code available.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-16994 HIGH POC PATCH This Week

Azure Sphere Unsigned Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Azure Sphere
NVD
CVSS 3.1
7.3
EPSS
1.6%
CVE-2020-16991 HIGH POC PATCH This Week

Azure Sphere Unsigned Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Azure Sphere
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2020-27524 HIGH POC This Week

On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mmi Multiplayer
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2020-8353 MEDIUM POC This Month

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Intel Information Disclosure Thinkcentre M80T Firmware Thinkcentre M80S Firmware +12
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-16986 MEDIUM POC PATCH This Month

Azure Sphere Denial of Service Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Azure Sphere
NVD
CVSS 3.1
6.2
EPSS
1.2%
CVE-2020-16985 MEDIUM POC PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.2
EPSS
1.7%
CVE-2020-16982 MEDIUM POC PATCH This Month

Azure Sphere Unsigned Code Execution Vulnerability. Rated medium severity (CVSS 6.1). Public exploit code available.

RCE Microsoft Azure Sphere
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5426 CRITICAL Act Now

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pivotal Scheduler
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-7768 CRITICAL PATCH Act Now

The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Grpc
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-17051 CRITICAL PATCH Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-16127 MEDIUM POC This Month

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Denial Of Service Accountsservice
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-15275 MEDIUM POC PATCH This Month

MoinMoin is a wiki engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-7767 MEDIUM POC This Month

All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Express Validators
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-17061 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-17042 HIGH PATCH This Week

Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2020-17084 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.5
EPSS
3.6%
CVE-2020-17091 HIGH PATCH This Week

Microsoft Teams Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Microsoft RCE Teams
NVD VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-17016 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
3.0%
CVE-2020-5992 HIGH PATCH This Week

NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE OpenSSL Nvidia Microsoft Geforce Now
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-17110 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-17109 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-17108 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-17107 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-17106 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-17105 HIGH PATCH This Week

AV1 Video Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Av1 Video Extension
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2020-17104 HIGH PATCH This Week

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2020-17101 HIGH PATCH This Week

HEIF Image Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Heif Image Extension
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-17088 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-17087 HIGH KEV PATCH THREAT This Week

Windows Kernel Local Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1803 +12
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2020-17086 HIGH PATCH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Raw Image Extension
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2020-17082 HIGH PATCH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Raw Image Extension
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-17079 HIGH PATCH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Raw Image Extension
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-17078 HIGH PATCH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Raw Image Extension
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-17077 HIGH PATCH This Week

Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-17076 HIGH PATCH This Week

Windows Update Orchestrator Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-17075 HIGH PATCH This Week

Windows USO Core Worker Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-17074 HIGH PATCH This Week

Windows Update Orchestrator Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-17073 HIGH PATCH This Week

Windows Update Orchestrator Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-17070 HIGH PATCH This Week

Windows Update Medic Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-17068 HIGH PATCH This Week

Windows GDI+ Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-17067 HIGH PATCH This Week

Microsoft Excel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Excel Office
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-17066 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Excel
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2020-17065 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2020-17064 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2020-17062 HIGH PATCH This Week

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2020-17055 HIGH PATCH This Week

Windows Remote Access Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-17044 HIGH PATCH This Week

Windows Remote Access Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
2.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy