Skip to main content
CVE-2020-11524 MEDIUM POC PATCH This Month

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.6
EPSS
1.8%
CVE-2020-11523 MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.6
EPSS
2.0%
CVE-2020-11521 MEDIUM POC PATCH This Month

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Leap +1
NVD GitHub
CVSS 3.1
6.6
EPSS
1.9%
CVE-2020-11522 MEDIUM POC PATCH This Month

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-12872 MEDIUM POC This Month

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yaws
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-3810 MEDIUM POC PATCH This Month

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apt Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-12882 MEDIUM POC This Month

Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Submitty
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-12685 MEDIUM PATCH This Month

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Interchange
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7809 MEDIUM This Month

ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Alsong
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-1758 MEDIUM PATCH This Month

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Keycloak Openstack
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-13093 MEDIUM This Month

iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Agent Dvr
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-12888 MEDIUM This Month

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. Rated medium severity (CVSS 5.3). No vendor patch available.

Linux Information Disclosure Linux Kernel Fedora Leap +22
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-10744 MEDIUM PATCH This Month

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. Rated medium severity (CVSS 5.0). No vendor patch available.

Information Disclosure Ansible Ansible Tower
NVD
CVSS 3.1
5.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy