Skip to main content
CVE-2020-2190 MEDIUM PATCH This Month

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Script Security
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-13795 MEDIUM PATCH This Month

An issue was discovered in Navigate CMS through 2.8.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Navigate Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-3333 MEDIUM PATCH This Month

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Cisco Authentication Bypass Application Policy Infrastructure Controller Application Services Engine
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-4187 MEDIUM PATCH This Month

IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-5299 MEDIUM PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection October
NVD GitHub
CVSS 3.1
5.1
EPSS
1.0%
CVE-2020-3223 MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2020-3231 MEDIUM PATCH This Month

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass iOS
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-3206 MEDIUM PATCH This Month

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-3222 MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Apple Ios Xe
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-2197 MEDIUM This Month

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Project Inheritance
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2191 MEDIUM PATCH This Month

Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Self Organizing Swarm Modules
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-4026 MEDIUM This Month

The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Navigator Links
NVD
CVSS 3.1
4.3
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy