Skip to main content
CVE-2020-13645 MEDIUM POC This Month

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Balsa Glib Networking Ubuntu Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-13245 MEDIUM POC This Month

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Information Disclosure R6120 Firmware R6220 Firmware R6350 Firmware +11
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-13644 MEDIUM POC This Month

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Accordion
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-13660 MEDIUM POC This Month

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-4249 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4231 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Identity Governance And Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-11949 MEDIUM This Month

testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cc9381 Hv Firmware Fd9360 H Firmware Fd9368 Htv Firmware Fd9380 H Firmware +190
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-11082 MEDIUM PATCH This Month

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Kaminari Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-5357 MEDIUM This Month

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. Rated medium severity (CVSS 6.0). No vendor patch available.

Dell Information Disclosure Dock Wd15 Firmware Dock Wd19 Firmware Thunderbolt Dock Tb16 Firmware +1
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-4419 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4244 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4233 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Governance And Intelligence
NVD
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy