Skip to main content
CVE-2020-11049 LOW POC PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.5%
CVE-2020-11048 LOW POC PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.8%
CVE-2020-11044 LOW POC PATCH Monitor

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.9%
CVE-2020-11053 MEDIUM PATCH This Month

In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12705 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leptoncms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-12703 MEDIUM This Month

UliCMS before 2020.2 has XSS during PackageController uninstall. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ulicms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-12679 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect Shoretel Conference Web
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12696 MEDIUM This Month

The iframe plugin before 4.5 for WordPress does not sanitize a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Iframe
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-11055 MEDIUM PATCH This Month

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bookstack
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12683 MEDIUM PATCH This Month

Katyshop2 before 2.12 has multiple stored XSS issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Katyshop2
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-12692 MEDIUM PATCH This Month

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keystone Ubuntu Linux
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-12448 MEDIUM This Month

GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-4430 MEDIUM KEV PATCH THREAT This Month

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Data Risk Manager
NVD
CVSS 3.1
4.3
EPSS
68.5%
CVE-2020-11054 LOW PATCH Monitor

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Qutebrowser Fedora
NVD GitHub
CVSS 3.1
3.5
EPSS
1.3%
CVE-2020-11046 LOW PATCH Monitor

In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy