Skip to main content
CVE-2020-11652 MEDIUM POC KEV PATCH THREAT This Month

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Leap Debian Linux Ubuntu Linux +2
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
86.1%
CVE-2020-6579 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mailbeez
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12283 MEDIUM POC PATCH This Month

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Sourcegraph
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-12101 MEDIUM POC PATCH This Month

The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xt Commerce
NVD
CVSS 3.1
4.3
EPSS
2.0%
CVE-2020-5892 MEDIUM This Month

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client Big Ip Edge Gateway
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-6865 MEDIUM This Month

ZTE SDN controller platform is impacted by an information leakage vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Information Disclosure Oscp
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-11029 MEDIUM This Month

In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-6867 MEDIUM This Month

ZTE's SDON controller is impacted by the resource management error vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zte Zenic One R22B
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-5890 MEDIUM This Month

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Iq Centralized Management Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-11030 MEDIUM This Month

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-11026 MEDIUM This Month

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
2.1%
CVE-2020-11025 MEDIUM This Month

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-5889 MEDIUM This Month

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10691 MEDIUM PATCH This Month

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
5.2
EPSS
0.4%
CVE-2020-6866 MEDIUM This Month

A ZTE product is impacted by a resource management error vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zte Zxctn 6500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-11037 MEDIUM PATCH This Month

In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Python Information Disclosure Wagtail
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-9387 MEDIUM PATCH This Month

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Mahara
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy