Skip to main content
CVE-2020-10665 MEDIUM POC This Month

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Docker Desktop
NVD GitHub
CVSS 3.1
6.7
EPSS
1.4%
CVE-2020-10365 MEDIUM POC This Month

LogicalDoc before 8.3.3 allows SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Logicaldoc
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-9323 MEDIUM POC This Month

Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tiff Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-9443 MEDIUM This Month

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Desktop
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6976 MEDIUM This Month

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cncsoft Screeneditor
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-7258 MEDIUM This Month

Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Network Security Manager
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-7256 MEDIUM This Month

Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Network Security Manager
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-4199 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Tivoli Netcool Omnibus
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-10659 MEDIUM This Month

Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Entelligence Security Provider
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy