Skip to main content
CVE-2020-11022 MEDIUM POC PATCH This Month

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Jquery Drupal Debian Linux Fedora +66
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.9
EPSS
2.1%
CVE-2020-12464 MEDIUM POC PATCH This Month

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +9
NVD GitHub
CVSS 3.1
6.7
EPSS
0.8%
CVE-2020-12469 MEDIUM POC This Month

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Subrion
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12467 MEDIUM POC This Month

Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Subrion
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-11023 MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux Fedora Drupal +48
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
83.8%
CVE-2020-12458 MEDIUM POC PATCH This Month

An information-disclosure flaw was found in Grafana through 6.7.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Ceph Storage Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-12472 MEDIUM POC This Month

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-12465 MEDIUM PATCH This Month

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Mediatek Linux Kernel Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-11009 MEDIUM PATCH This Month

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rundeck
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-12252 MEDIUM This Month

An issue was discovered in Gigamon GigaVUE 5.5.01.11. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Gigavue
NVD
CVSS 3.1
6.2
EPSS
2.0%
CVE-2020-12462 MEDIUM This Month

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF Ninja Forms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-10797 MEDIUM PATCH This Month

An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pfsense
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-7453 MEDIUM PATCH This Month

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-12459 MEDIUM PATCH This Month

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Grafana Red Hat Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12277 MEDIUM This Month

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-12275 MEDIUM This Month

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-12276 MEDIUM This Month

GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy