Skip to main content
CVE-2020-16958 HIGH PATCH This Week

Windows Backup Engine Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows Server 2008 +2
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-29668 LOW POC PATCH Monitor

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Sympa Fedora Debian Linux
NVD GitHub
CVSS 3.1
3.7
EPSS
2.0%
CVE-2020-12516 HIGH PATCH This Week

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service 750 352 Firmware 750 831 Firmware 750 852 Firmware 750 880 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-17096 HIGH PATCH This Week

Windows NTFS Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
18.7%
CVE-2020-17002 HIGH PATCH This Week

Azure SDK for C Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass C Sdk For Azure Iot
NVD
CVSS 3.1
7.4
EPSS
3.2%
CVE-2020-16971 HIGH PATCH This Week

Azure SDK for Java Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Microsoft Authentication Bypass Azure Sdk For Java
NVD
CVSS 3.1
7.4
EPSS
3.6%
CVE-2020-8908 LOW POC PATCH Monitor

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Google Java Information Disclosure Guava Quarkus +11
NVD GitHub
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-26271 LOW POC PATCH Monitor

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2020-12594 HIGH This Week

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Symantec Messaging Gateway
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-17089 HIGH PATCH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
2.8%
CVE-2020-17099 MEDIUM PATCH This Month

Windows Lock Screen Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2020-17117 MEDIUM PATCH This Month

Microsoft Exchange Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
6.6
EPSS
48.9%
CVE-2020-17133 MEDIUM PATCH This Month

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Dynamics Nav
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2020-17130 MEDIUM PATCH This Month

Microsoft Excel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass 365 Apps Excel
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-17119 MEDIUM PATCH This Month

Microsoft Outlook Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Outlook
NVD
CVSS 3.1
6.5
EPSS
4.1%
CVE-2020-16996 MEDIUM PATCH This Month

Kerberos Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-17135 MEDIUM PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Azure Devops Server
NVD
CVSS 3.1
6.4
EPSS
1.2%
CVE-2020-7339 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server and Sensor prior to 4.8.0 in the form of a SHA1 signed certificate that would allow an attacker on. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-2498 MEDIUM This Month

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quts Hero Qts
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-2497 MEDIUM This Month

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quts Hero Qts
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2496 MEDIUM This Month

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quts Hero Qts
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2495 MEDIUM This Month

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quts Hero Qts
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2494 MEDIUM This Month

This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Music Station
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2493 MEDIUM This Month

This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Multimedia Console
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2491 MEDIUM This Month

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Photo Station
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-24444 MEDIUM This Month

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Experience Manager Forms Add On
NVD
CVSS 3.1
5.8
EPSS
2.1%
CVE-2020-27350 MEDIUM This Month

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Advanced Package Tool Solidfire Baseboard Management Controller Firmware
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2020-17138 MEDIUM PATCH This Month

Windows Error Reporting Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-17126 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +2
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-17098 MEDIUM PATCH This Month

Windows GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-17094 MEDIUM PATCH This Month

Windows Error Reporting Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-26407 MEDIUM This Month

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-17145 MEDIUM PATCH This Month

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Team Foundation Server Azure Devops Server
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-29666 MEDIUM This Month

In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M3 Atm Monitoring System
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-17120 MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
3.0%
CVE-2020-12595 MEDIUM This Month

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Symantec Messaging Gateway
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-17153 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2020-17131 MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge Chakracore
NVD
CVSS 3.1
4.2
EPSS
1.9%
CVE-2020-8920 LOW PATCH Monitor

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Authentication Bypass Gerrit
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2020-8919 LOW PATCH Monitor

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Authentication Bypass Gerrit
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2020-26270 LOW PATCH Monitor

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2020-17097 LOW PATCH Monitor

Windows Digital Media Receiver Elevation of Privilege Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27351 LOW Monitor

Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Python Information Disclosure Advanced Package Tool
NVD
CVSS 3.1
2.8
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy