Skip to main content
CVE-2020-10023 MEDIUM PATCH This Month

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-10060 MEDIUM PATCH This Month

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-11864 MEDIUM PATCH This Month

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Libemf Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-11863 MEDIUM PATCH This Month

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Libemf Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1698 MEDIUM PATCH This Month

A flaw was found in keycloak in versions before 9.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10685 MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine Ansible Tower Ceph Storage +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-7647 MEDIUM PATCH This Month

All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jooby
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-5834 MEDIUM This Month

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-12784 MEDIUM This Month

cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-12748 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-10059 MEDIUM PATCH This Month

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
4.8
EPSS
1.2%
CVE-2020-1724 MEDIUM PATCH This Month

A flaw was found in Keycloak in versions before 9.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Openshift Application Runtimes Single Sign On
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy