Skip to main content
CVE-2020-12826 MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Ubuntu Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-6250 MEDIUM This Month

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Adaptive Server Enterprise
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-6245 MEDIUM This Month

SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-10706 MEDIUM This Month

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2020-6259 MEDIUM This Month

Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Adaptive Server Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6258 MEDIUM This Month

SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Identity Management
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-6251 MEDIUM This Month

Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6254 MEDIUM This Month

SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Enterprise Threat Detection
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5898 MEDIUM This Month

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11062 MEDIUM PATCH This Month

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-6257 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-4195 MEDIUM PATCH This Month

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Api Connect
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8155 MEDIUM This Month

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-5248 MEDIUM PATCH This Month

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4346 MEDIUM PATCH This Month

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-1746 MEDIUM PATCH This Month

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2020-6256 MEDIUM This Month

SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Master Data Governance
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy