The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2020-14878 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physi... read CVE-2020-14878
    Published: October 21, 2020; 11:15:25 AM -0400

    V3.1: 8.0 HIGH
    V2.0: 7.7 HIGH

  • CVE-2020-14879 - Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privi... read CVE-2020-14879
    Published: October 21, 2020; 11:15:25 AM -0400

    V3.1: 8.5 HIGH
    V2.0: 7.5 HIGH

  • CVE-2020-14875 - Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated ... read CVE-2020-14875
    Published: October 21, 2020; 11:15:24 AM -0400

    V3.1: 9.1 CRITICAL
    V2.0: 9.4 HIGH

  • CVE-2020-14873 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple ... read CVE-2020-14873
    Published: October 21, 2020; 11:15:24 AM -0400

    V3.1: 4.4 MEDIUM
    V2.0: 6.8 MEDIUM

  • CVE-2020-14872 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastruct... read CVE-2020-14872
    Published: October 21, 2020; 11:15:24 AM -0400

    V3.1: 8.2 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-14871 - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access vi... read CVE-2020-14871
    Published: October 21, 2020; 11:15:24 AM -0400

    V3.1: 10.0 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2020-14870 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p... read CVE-2020-14870
    Published: October 21, 2020; 11:15:24 AM -0400

    V3.1: 4.9 MEDIUM
    V2.0: 6.8 MEDIUM

  • CVE-2020-14869 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker wi... read CVE-2020-14869
    Published: October 21, 2020; 11:15:24 AM -0400

    V3.1: 4.9 MEDIUM
    V2.0: 6.8 MEDIUM

  • CVE-2020-7590 - A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded pas... read CVE-2020-7590
    Published: October 13, 2020; 12:15:21 PM -0400

    V3.1: 6.4 MEDIUM
    V2.0: 4.6 MEDIUM

  • CVE-2020-3991 - VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin p... read CVE-2020-3991
    Published: October 16, 2020; 10:15:12 AM -0400

    V3.1: 7.1 HIGH
    V2.0: 3.6 LOW

  • CVE-2020-24408 - Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to ex... read CVE-2020-24408
    Published: October 16, 2020; 11:15:11 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-26934 - phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
    Published: October 10, 2020; 3:15:12 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-3317 - A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspect... read CVE-2020-3317
    Published: October 21, 2020; 3:15:15 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-16927 - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
    Published: October 16, 2020; 7:15:15 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 7.8 HIGH

  • CVE-2020-16968 - A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16967.
    Published: October 16, 2020; 7:15:16 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2020-10138 - Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSS... read CVE-2020-10138
    Published: October 21, 2020; 10:15:15 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-14795 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with net... read CVE-2020-14795
    Published: October 21, 2020; 11:15:19 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-14824 - Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerabi... read CVE-2020-14824
    Published: October 21, 2020; 11:15:21 AM -0400

    V3.1: 8.6 HIGH
    V2.0: 7.8 HIGH

  • CVE-2020-14825 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker wit... read CVE-2020-14825
    Published: October 21, 2020; 11:15:21 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-14826 - Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker... read CVE-2020-14826
    Published: October 21, 2020; 11:15:21 AM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM