Skip to main content
CVE-2020-11001 MEDIUM POC PATCH This Month

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wagtail
NVD GitHub
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-7958 MEDIUM POC This Month

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Oneplus 7 Pro Firmware
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-11765 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Leap +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2020-11764 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11763 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11762 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11761 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11760 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11759 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Openexr Fedora Ubuntu Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2020-11758 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11723 MEDIUM POC This Month

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ufed Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11743 MEDIUM POC PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9461 MEDIUM POC This Month

Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oempro
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-9460 MEDIUM POC This Month

Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oempro
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-4151 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6224 MEDIUM This Month

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
6.2
EPSS
1.1%
CVE-2020-7575 MEDIUM This Month

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Climatix Pol908 Firmware Climatix Pol909 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-7574 MEDIUM This Month

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Climatix Pol908 Firmware Climatix Pol909 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6217 MEDIUM This Month

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6215 MEDIUM This Month

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-6211 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6229 MEDIUM This Month

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6223 MEDIUM This Month

The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6216 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11005 MEDIUM PATCH This Month

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windowshello
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-8324 MEDIUM This Month

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Jwt Attack Information Disclosure System Interface Foundation
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11742 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11740 MEDIUM PATCH This Month

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6231 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6226 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6222 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-6221 MEDIUM This Month

Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6232 MEDIUM This Month

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Commerce Cloud
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-7802 MEDIUM This Month

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Husky Rtu 6049 E70 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7801 MEDIUM This Month

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Husky Rtu 6049 E70 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10381 MEDIUM PATCH This Month

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-6218 MEDIUM This Month

Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.0
EPSS
0.9%
CVE-2020-6214 MEDIUM This Month

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4Hana
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2020-8316 MEDIUM This Month

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Vantage
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-6233 MEDIUM This Month

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Banking Services From Sap S 4Hana Financial Products Subledger
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy