Skip to main content
CVE-2020-12831 MEDIUM POC PATCH This Month

An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Free Range Routing
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-2003 MEDIUM This Month

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2017 MEDIUM This Month

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2005 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-1997 MEDIUM This Month

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Open Redirect Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8020 MEDIUM This Month

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Build Service Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-12742 MEDIUM PATCH This Month

The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Iubenda Cookie Law Solution
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-12699 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Direct Mail
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2004 MEDIUM This Month

Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Paloalto Google Information Disclosure +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9501 MEDIUM This Month

Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dahua Information Disclosure Web P2P
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-7455 MEDIUM This Month

In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-11065 MEDIUM PATCH This Month

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-11064 MEDIUM PATCH This Month

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-1993 MEDIUM This Month

The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Session Fixation Information Disclosure Pan Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-11070 MEDIUM PATCH This Month

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Svg Sanitizer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-1996 MEDIUM This Month

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-12697 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Direct Mail
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-1995 MEDIUM This Month

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-5838 MEDIUM This Month

Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS It Analytics
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-1994 MEDIUM This Month

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-4312 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12700 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Direct Mail
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12698 MEDIUM PATCH This Month

The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Direct Mail
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy