Skip to main content
CVE-2020-4294 MEDIUM POC This Month

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

IBM SSRF Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.3
EPSS
1.2%
CVE-2020-4271 MEDIUM POC This Month

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

IBM Deserialization Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.3
EPSS
1.7%
CVE-2020-5721 MEDIUM POC This Month

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mikrotik Winbox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-4274 MEDIUM POC This Month

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-0918 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2020-0917 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2020-6992 MEDIUM This Month

A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cimplicity
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-7276 MEDIUM This Month

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3261 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Aironet 1542I Firmware Aironet 1542D Firmware Aironet 1562I Firmware +14
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-3260 MEDIUM This Month

A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Aironet 1542I Firmware Aironet 1542D Firmware Aironet 1815 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-3252 MEDIUM This Month

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
6.5
EPSS
5.3%
CVE-2020-11660 MEDIUM This Month

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ca Api Developer Portal
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-0576 MEDIUM This Month

Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Intel Compute Module Mfs2600Ki Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-0558 MEDIUM This Month

Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Microsoft Proset Wireless Wifi
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-0993 MEDIUM PATCH This Month

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.2%
CVE-2020-0952 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.8%
CVE-2020-2952 MEDIUM PATCH This Month

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Http Server
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-2951 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-2910 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox Leap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-2906 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Supplier Change). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Scm Purchasing
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-2790 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-2780 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Ubuntu Linux +5
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-2594 MEDIUM This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-7278 MEDIUM This Month

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Security
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-10513 MEDIUM This Month

The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dvr Interface
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2737 MEDIUM This Month

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Database Server
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2020-2955 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Transaction Processing). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Flexcube Core Banking
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2020-2799 MEDIUM This Month

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Graalvm
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2020-2795 MEDIUM This Month

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure Knowledge
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-2768 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.3
EPSS
1.3%
CVE-2020-7257 MEDIUM This Month

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-11665 MEDIUM This Month

CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ca Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-11664 MEDIUM This Month

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ca Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-11663 MEDIUM This Month

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ca Api Developer Portal
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-3954 MEDIUM This Month

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect VMware Vrealize Log Insight
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-11791 MEDIUM This Month

NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netgear Jgs516Pe Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-1050 MEDIUM PATCH This Month

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365 Server
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-2954 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Candidate Gateway). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Human Capital Management Candidate Gateway
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2920 MEDIUM This Month

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Agile Product Lifecycle Management
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-2868 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2811 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-2797 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2751 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-2946 MEDIUM PATCH This Month

Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Application Performance Management
NVD
CVSS 3.1
6.0
EPSS
1.3%
CVE-2020-2894 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-2743 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Oracle Authentication Bypass Information Disclosure Vm Virtualbox +1
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-2741 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Oracle Authentication Bypass Information Disclosure Vm Virtualbox +1
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-2932 MEDIUM This Month

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Knowledge
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2020-2804 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Ubuntu Linux +4
NVD
CVSS 3.1
5.9
EPSS
3.3%
CVE-2020-2524 MEDIUM This Month

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Knowledge
NVD
CVSS 3.1
5.9
EPSS
1.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy