Skip to main content
CVE-2020-12270 MEDIUM POC This Month

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bluezone
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-11822 MEDIUM POC This Month

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-11821 MEDIUM POC This Month

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rukovoditel
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-12272 MEDIUM POC This Month

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opendmarc Fedora
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-9072 MEDIUM This Month

Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Huawei Osd Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-1845 MEDIUM This Month

Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Huawei Pcmanager
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-11420 MEDIUM This Month

UPS Adapter CS141 before 1.90 allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cs141 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-10997 MEDIUM This Month

Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xtrabackup
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-12052 MEDIUM This Month

Grafana version < 6.7.3 is vulnerable for annotation popup XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Grafana
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-1880 MEDIUM This Month

Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Lion Al00C Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9489 MEDIUM PATCH This Month

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Tika Flexcube Private Banking Primavera Unifier +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2020-1722 MEDIUM This Month

A flaw was found in all ipa versions 4.x.x through 4.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Freeipa Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11415 MEDIUM PATCH This Month

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
4.9
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy