Skip to main content
CVE-2020-1941 MEDIUM PATCH This Month

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Activemq Communications Diameter Signaling Router Communications Element Manager +4
NVD
CVSS 3.1
6.1
EPSS
6.2%
CVE-2020-5575 MEDIUM This Month

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-5409 MEDIUM This Month

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Concourse
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-12046 MEDIUM This Month

Opto 22 SoftPAC Project Version 9.6 and prior. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Softpac Project
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2020-0106 MEDIUM This Month

In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0104 MEDIUM PATCH This Month

In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0101 MEDIUM PATCH This Month

In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0100 MEDIUM PATCH This Month

In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0091 MEDIUM This Month

In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0090 MEDIUM This Month

An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0065 MEDIUM This Month

An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0064 MEDIUM This Month

An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-5574 MEDIUM This Month

HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Movable Type
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-0093 MEDIUM PATCH This Month

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android Debian Linux +3
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2020-0092 MEDIUM PATCH This Month

In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2020-1960 MEDIUM PATCH This Month

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when. Rated medium severity (CVSS 4.7).

Apache Information Disclosure Flink
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2020-4365 MEDIUM This Month

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Information Disclosure Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-4299 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy