Skip to main content
CVE-2020-12465 MEDIUM PATCH This Month

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Mediatek Linux Kernel Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-11009 MEDIUM PATCH This Month

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rundeck
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-12252 MEDIUM This Month

An issue was discovered in Gigamon GigaVUE 5.5.01.11. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Gigavue
NVD
CVSS 3.1
6.2
EPSS
2.0%
CVE-2020-12462 MEDIUM This Month

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF Ninja Forms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-10797 MEDIUM PATCH This Month

An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pfsense
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-7453 MEDIUM PATCH This Month

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-12459 MEDIUM PATCH This Month

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Grafana Red Hat Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12277 MEDIUM This Month

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-12275 MEDIUM This Month

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-12276 MEDIUM This Month

GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-8478 LOW Monitor

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Abb Privilege Escalation Mms Server Opc Server Base Software
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-12251 LOW Monitor

An issue was discovered in Gigamon GigaVUE 5.5.01.11. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Gigavue
NVD
CVSS 3.1
2.2
EPSS
1.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy