Skip to main content
CVE-2020-8353 MEDIUM POC This Month

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Intel Information Disclosure Thinkcentre M80T Firmware Thinkcentre M80S Firmware +12
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-16986 MEDIUM POC PATCH This Month

Azure Sphere Denial of Service Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Azure Sphere
NVD
CVSS 3.1
6.2
EPSS
1.2%
CVE-2020-16985 MEDIUM POC PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.2
EPSS
1.7%
CVE-2020-16982 MEDIUM POC PATCH This Month

Azure Sphere Unsigned Code Execution Vulnerability. Rated medium severity (CVSS 6.1). Public exploit code available.

RCE Microsoft Azure Sphere
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-16127 MEDIUM POC This Month

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Denial Of Service Accountsservice
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-15275 MEDIUM POC PATCH This Month

MoinMoin is a wiki engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-7767 MEDIUM POC This Month

All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Express Validators
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-16988 MEDIUM PATCH This Month

Azure Sphere Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.9).

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.9
EPSS
0.7%
CVE-2020-17063 MEDIUM PATCH This Month

Microsoft Office Online Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure 365 Apps Office
NVD
CVSS 3.1
6.8
EPSS
1.5%
CVE-2020-8354 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo Notebook Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-17049 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Windows Server 2012 Windows Server 2016 Windows Server 2019 Samba
NVD
CVSS 3.1
6.6
EPSS
13.8%
CVE-2020-17040 MEDIUM PATCH This Month

Windows Hyper-V Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-17085 MEDIUM PATCH This Month

Microsoft Exchange Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Exchange Server
NVD
CVSS 3.1
6.2
EPSS
3.4%
CVE-2020-16990 MEDIUM PATCH This Month

Azure Sphere Information Disclosure Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.2
EPSS
1.4%
CVE-2020-26221 MEDIUM This Month

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Touchbase Ai
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-26219 MEDIUM This Month

touchbase.ai before version 2.0 is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Touchbase Ai
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-26218 MEDIUM POC This Month

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Touchbase Ai
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-16981 MEDIUM PATCH This Month

Azure Sphere Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1).

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-16983 MEDIUM PATCH This Month

Azure Sphere Tampering Vulnerability. Rated medium severity (CVSS 5.7).

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2020-1599 MEDIUM PATCH This Month

Windows Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
19.1%
CVE-2020-17113 MEDIUM PATCH This Month

Windows Camera Codec Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure Windows 10
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-17102 MEDIUM PATCH This Month

WebP Image Extensions Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Webp Image Extension
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-17100 MEDIUM PATCH This Month

Visual Studio Tampering Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-17083 MEDIUM PATCH This Month

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Microsoft Exchange Server
NVD
CVSS 3.1
5.5
EPSS
12.0%
CVE-2020-17081 MEDIUM PATCH This Month

Microsoft Raw Image Extension Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Raw Image Extension
NVD
CVSS 3.1
5.5
EPSS
3.4%
CVE-2020-17071 MEDIUM PATCH This Month

Windows Delivery Optimization Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-17069 MEDIUM PATCH This Month

Windows NDIS Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-17056 MEDIUM PATCH This Month

Windows Network File System Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-17046 MEDIUM PATCH This Month

Windows Error Reporting Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-17045 MEDIUM PATCH This Month

Windows KernelStream Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-17036 MEDIUM PATCH This Month

Windows Function Discovery SSDP Provider Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-17030 MEDIUM PATCH This Month

Windows MSCTF Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-17029 MEDIUM PATCH This Month

Windows Canonical Display Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Canonical Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-17013 MEDIUM PATCH This Month

Win32k Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-17004 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-17000 MEDIUM PATCH This Month

Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-16999 MEDIUM PATCH This Month

Windows WalletService Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-1325 MEDIUM PATCH This Month

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Azure Devops Server
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-17060 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-17021 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-17018 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-17006 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics Crm 2015
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-17005 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-16993 MEDIUM PATCH This Month

Azure Sphere Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.4). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Azure Sphere
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-16989 MEDIUM PATCH This Month

Azure Sphere Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.4).

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-17090 MEDIUM PATCH This Month

Microsoft Defender for Endpoint Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-17017 MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
3.5%
CVE-2020-16979 MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
2.9%
CVE-2020-17015 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2020-17054 MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge Chakracore
NVD
CVSS 3.1
4.2
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy