Skip to main content
CVE-2020-10029 MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical Glibc Fedora +9
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-9364 MEDIUM POC This Month

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Creative Contact Form
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-9371 MEDIUM POC This Month

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Appointment Booking Calendar
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
3.6%
CVE-2020-3176 MEDIUM This Month

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Remote Phy 120 Firmware Remote Phy 220 Firmware Remote Phy Shelf 7200 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3181 MEDIUM This Month

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-3192 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Provisioning
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3190 MEDIUM This Month

A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
5.8
EPSS
1.3%
CVE-2020-3185 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Telepresence Management Suite
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3157 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8660 MEDIUM This Month

CNCF Envoy through 1.13.0 TLS inspector bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-8664 MEDIUM This Month

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-3193 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3164 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Cloud Email Security Content Security Management Appliance Email Security Appliance +1
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-5251 MEDIUM PATCH This Month

In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Parse Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-3182 MEDIUM This Month

A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Webex Meetings
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy