Skip to main content
CVE-2020-11887 MEDIUM POC This Month

svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SSRF Svg2Png
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5733 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5732 MEDIUM POC This Month

In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5731 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5730 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5729 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5728 MEDIUM POC This Month

OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-11883 MEDIUM POC PATCH THREAT This Month

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Storefront Api Vue Storefront Api
NVD GitHub
CVSS 3.1
5.3
EPSS
15.2%
CVE-2020-0076 MEDIUM This Month

In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-7083 MEDIUM This Month

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Fbx Software Development Kit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-11880 MEDIUM PATCH This Month

An issue was discovered in KDE KMail before 19.12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kmail
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-11879 MEDIUM This Month

An issue was discovered in GNOME Evolution before 3.35.91. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-7084 MEDIUM This Month

A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fbx Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-5737 MEDIUM PATCH This Month

Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tenable Sc
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-0077 MEDIUM This Month

In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2020-0075 MEDIUM This Month

In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2020-0068 MEDIUM This Month

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2020-0067 MEDIUM This Month

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android Ubuntu Linux
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy