Skip to main content
CVE-2020-6503 MEDIUM POC This Month

Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5296 MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure October
NVD GitHub
CVSS 3.1
4.9
EPSS
1.4%
CVE-2020-5295 MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure LFI PHP October
NVD GitHub Exploit-DB
CVSS 3.1
4.9
EPSS
7.4%
CVE-2020-5298 MEDIUM POC PATCH This Month

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-6504 MEDIUM POC This Month

Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-13792 MEDIUM POC This Month

PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Playtube
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-3220 MEDIUM PATCH This Month

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-3216 MEDIUM This Month

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple Ios Xe Sd Wan
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-3209 MEDIUM PATCH This Month

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Jwt Attack Apple Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-3215 MEDIUM This Month

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3214 MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3213 MEDIUM PATCH This Month

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3210 MEDIUM PATCH This Month

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple iOS
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3208 MEDIUM PATCH This Month

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Cisco Privilege Escalation Apple iOS
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3207 MEDIUM This Month

A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2020-3204 MEDIUM PATCH This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Cisco RCE Apple iOS +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-4190 MEDIUM PATCH This Month

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-13776 MEDIUM PATCH This Month

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user. Rated medium severity (CVSS 6.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Systemd Active Iq Unified Manager Solidfire Hci Management Node Fedora
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-6502 MEDIUM This Month

Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-6501 MEDIUM This Month

Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-6500 MEDIUM This Month

Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-6499 MEDIUM This Month

Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-6498 MEDIUM This Month

Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Apple Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-6497 MEDIUM This Month

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Apple Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6495 MEDIUM This Month

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Backports +1
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6494 MEDIUM This Month

Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Backports Sle +1
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-4307 MEDIUM PATCH This Month

IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service IBM Security Guardium
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-2198 MEDIUM This Month

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Project Inheritance
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2192 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Self Organizing Swarm Modules
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-3237 MEDIUM This Month

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Iox
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2020-13798 MEDIUM PATCH This Month

An issue was discovered in Navigate CMS through 2.8.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Navigate Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13797 MEDIUM PATCH This Month

An issue was discovered in Navigate CMS through 2.8.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Navigate Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13796 MEDIUM PATCH This Month

An issue was discovered in Navigate CMS through 2.8.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Navigate Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7011 MEDIUM This Month

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Elastic App Search
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-4182 MEDIUM PATCH This Month

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13596 MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django Fedora Ubuntu Linux +4
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2020-2199 MEDIUM This Month

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Subversion Partial Release Manager
NVD
CVSS 3.1
6.1
EPSS
6.2%
CVE-2020-3201 MEDIUM PATCH This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-10749 MEDIUM PATCH This Month

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Information Disclosure Cni Network Plugins Openshift Container Platform Fedora +1
NVD
CVSS 3.1
6.0
EPSS
2.4%
CVE-2020-3353 MEDIUM This Month

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Identity Services Engine
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-4035 MEDIUM PATCH This Month

In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Node.js SQLi Apple Watermelondb
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-13254 MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Django Ubuntu Linux Fedora +4
NVD
CVSS 3.1
5.9
EPSS
6.1%
CVE-2020-11091 MEDIUM PATCH This Month

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Weave Net
NVD GitHub
CVSS 3.1
5.8
EPSS
0.9%
CVE-2020-3335 MEDIUM PATCH This Month

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Cisco Authentication Bypass Application Policy Infrastructure Controller Application Services Engine
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3339 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-7015 MEDIUM This Month

Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-3233 MEDIUM This Month

A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Iox
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2195 MEDIUM PATCH This Month

Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Compact Columns
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2194 MEDIUM PATCH This Month

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Echarts Api
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2193 MEDIUM PATCH This Month

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Echarts Api
NVD
CVSS 3.1
5.4
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy