Skip to main content
CVE-2020-5231 MEDIUM POC PATCH This Month

In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-8492 MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
6.6%
CVE-2020-5233 MEDIUM POC PATCH This Month

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-8448 MEDIUM POC This Month

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ossec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8446 MEDIUM POC This Month

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ossec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8496 MEDIUM POC This Month

In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Time And Attendance
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-8493 MEDIUM POC This Month

A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Time And Attendance
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-7913 MEDIUM This Month

JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-7911 MEDIUM This Month

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-8095 MEDIUM This Month

A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Total Security 2020
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8092 MEDIUM This Month

A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8498 MEDIUM PATCH This Month

XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Gistpress
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-7910 MEDIUM This Month

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7912 MEDIUM This Month

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-7908 MEDIUM This Month

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy