Skip to main content
CVE-2020-12659 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.6.7. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-5517 MEDIUM POC PATCH This Month

CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF 5209R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-12666 MEDIUM POC PATCH This Month

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Macaron Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-11034 MEDIUM POC PATCH This Month

In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
7.6%
CVE-2020-8033 MEDIUM POC This Month

Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruckus Zoneflex R500 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11036 MEDIUM POC This Month

In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-10859 MEDIUM This Month

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Desktop Central
NVD
CVSS 3.1
6.5
EPSS
4.4%
CVE-2020-10630 MEDIUM This Month

SAE IT-systems FW-50 Remote Telemetry Unit (RTU). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Net Line Fw 50 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11737 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-12656 MEDIUM This Month

gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Leap
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12655 MEDIUM PATCH This Month

An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-12439 MEDIUM PATCH This Month

Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Grin
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-12144 MEDIUM This Month

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2020-12143 MEDIUM This Month

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2020-12142 MEDIUM This Month

1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2020-11051 MEDIUM PATCH This Month

In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-8799 MEDIUM This Month

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wti Like Post
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-12652 MEDIUM PATCH This Month

The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition,. Rated medium severity (CVSS 4.1).

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy