Skip to main content
CVE-2020-11499 MEDIUM POC This Month

Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Firmware Analysis And Comparison Tool
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-11454 MEDIUM POC PATCH This Month

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microstrategy Web
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-11453 MEDIUM POC PATCH This Month

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Microstrategy Web
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2020-11458 MEDIUM POC PATCH This Month

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-11491 MEDIUM POC This Month

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zen Load Balancer
NVD GitHub
CVSS 3.1
4.9
EPSS
7.9%
CVE-2020-11452 MEDIUM POC PATCH This Month

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microstrategy Web
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-4325 MEDIUM This Month

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java IBM Information Disclosure Cloud Pak For Automation Process Federation Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-8017 MEDIUM This Month

A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Texlive Filesystem Leap
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-4304 MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4303 MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-1927 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Http Server Fedora Debian Linux +11
NVD
CVSS 3.1
6.1
EPSS
56.7%
CVE-2020-11494 MEDIUM PATCH This Month

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Leap Debian Linux +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy