Skip to main content
CVE-2020-7063 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Tenable Sc Debian Linux Leap
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-3862 MEDIUM PATCH This Month

A denial of service issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-3841 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-5400 MEDIUM This Month

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Capi Release Cf Deployment
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6864 MEDIUM This Month

ZTE E8820V3 router product is impacted by an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-6863 MEDIUM This Month

ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte E8820V3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-3867 MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Apple Icloud Itunes +6
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-3875 MEDIUM This Month

A validation issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-3872 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-3866 MEDIUM This Month

This was addressed with additional checks by Gatekeeper on files mounted through a network share. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-3839 MEDIUM This Month

A validation issue was addressed with improved input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3836 MEDIUM This Month

An access issue was addressed with improved memory management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3874 MEDIUM This Month

An issued existed in the naming of screenshots. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-3869 MEDIUM This Month

An issue existed in the handling of the local user's self-view. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-5401 MEDIUM This Month

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routing Release
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7042 MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-7041 MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-3835 MEDIUM This Month

A validation issue existed in the handling of symlinks. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-3833 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy