Skip to main content
CVE-2020-12852 MEDIUM POC This Month

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2020-12853 MEDIUM POC This Month

Pydio Cells 2.0.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-13827 MEDIUM POC This Month

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phplist
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7030 MEDIUM POC This Month

A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Information Disclosure Ip Office
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-11682 MEDIUM This Month

Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nextgen Dvr Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-11680 MEDIUM This Month

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextgen Dvr Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-4183 MEDIUM This Month

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13800 MEDIUM This Month

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-13765 MEDIUM PATCH This Month

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.6
EPSS
2.4%
CVE-2020-10702 MEDIUM This Month

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qemu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13791 MEDIUM PATCH This Month

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6640 MEDIUM This Month

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4191 MEDIUM This Month

IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-9462 MEDIUM This Month

An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Homey Firmware Homey Pro Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy