Skip to main content
CVE-2020-6616 MEDIUM POC This Month

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Broadcom Android Ipados +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12737 MEDIUM POC This Month

An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Path Traversal Rumpus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-12718 MEDIUM POC This Month

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10690 MEDIUM PATCH This Month

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. Rated medium severity (CVSS 6.4). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Linux Kernel Enterprise Linux +20
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-11541 MEDIUM This Month

In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Snagit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12680 MEDIUM This Month

Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Free Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11006 MEDIUM PATCH This Month

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shopizer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy