Skip to main content
CVE-2020-8506 MEDIUM POC This Month

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Global Tv
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3120 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Cisco Integer Overflow Firepower Extensible Operating System +4
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-7973 MEDIUM This Month

GitLab through 12.7.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-7971 MEDIUM This Month

GitLab EE 11.0 and later through 12.7.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8632 MEDIUM PATCH This Month

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Brute Force Cloud Init Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8631 MEDIUM PATCH This Month

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cloud Init Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6854 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jobscheduler
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7977 MEDIUM This Month

GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-7976 MEDIUM This Month

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7974 MEDIUM This Month

GitLab EE 10.1 through 12.7.2 allows Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7979 MEDIUM This Month

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-3149 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-7967 MEDIUM This Month

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy