Skip to main content
CVE-2020-8866 MEDIUM POC This Month

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Groupware Horde Form Debian Linux
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
9.6%
CVE-2020-6426 MEDIUM POC This Month

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +4
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2020-8838 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Zoho Microsoft RCE Manageengine Assetexplorer
NVD
CVSS 3.1
6.4
EPSS
1.6%
CVE-2020-8865 MEDIUM POC This Month

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Groupware Debian Linux
NVD Exploit-DB
CVSS 3.1
6.3
EPSS
6.8%
CVE-2020-10871 MEDIUM POC PATCH This Month

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Luci
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-8497 MEDIUM POC This Month

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pandora Fms
NVD
CVSS 3.1
5.3
EPSS
5.3%
CVE-2020-8874 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8873 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8871 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107 . Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Parallels Desktop
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2020-7482 MEDIUM This Month

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware Andover Continuum Bcx4040 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7481 MEDIUM This Month

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware Andover Continuum Bcx4040 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10870 MEDIUM This Month

Zim through 0.72.1 creates temporary directories with predictable names. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Zim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8876 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-1951 MEDIUM PATCH This Month

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Tika Business Process Management Suite Communications Messaging Server +3
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-1950 MEDIUM PATCH This Month

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Tika Business Process Management Suite Communications Messaging Server +3
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2020-6425 MEDIUM PATCH This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Debian Linux Fedora +1
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-10660 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-8872 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Parallels Desktop
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2020-5252 MEDIUM PATCH This Month

The command-line "safety" package for Python has a potential security issue. Rated medium severity (CVSS 4.1). No vendor patch available.

Python Docker Information Disclosure Safety
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy