Skip to main content
CVE-2020-8091 MEDIUM POC PATCH This Month

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typo3
NVD
CVSS 3.1
6.1
EPSS
5.2%
CVE-2020-8090 MEDIUM POC This Month

The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wlan Box Adb Vv2220 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-8003 MEDIUM PATCH This Month

A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Virglrenderer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8002 MEDIUM PATCH This Month

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Virglrenderer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5220 MEDIUM PATCH This Month

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Syliusresourcebundle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-5218 MEDIUM PATCH This Month

Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Sylius
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy