Skip to main content
CVE-2020-4041 MEDIUM POC PATCH This Month

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bolt
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-12049 MEDIUM POC PATCH This Month

An issue was discovered in dbus >= 1.3.0 before 1.12.18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Dbus Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-7676 MEDIUM POC PATCH This Month

angular.js prior to 1.8.0 allows cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Angularjs
NVD GitHub
CVSS 3.1
5.4
EPSS
2.1%
CVE-2020-4040 MEDIUM POC PATCH This Month

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bolt
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-12803 MEDIUM This Month

ODF documents can contain forms to be filled out by the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Leap Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-13844 MEDIUM PATCH This Month

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Cortex A32 Firmware Cortex A35 Firmware Cortex A53 Firmware Cortex A57 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8954 MEDIUM This Month

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Openbrowser
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12802 MEDIUM This Month

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Leap
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-13696 MEDIUM PATCH This Month

An issue was discovered in LinuxTV xawtv before 3.107. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xawtv Debian Linux Backports Sle Leap +2
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-10754 MEDIUM PATCH This Month

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Networkmanager Fedora
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-1775 MEDIUM This Month

BCC recipients in mails sent from OTRS are visible in article detail on external interface.0.3 and prior versions, 7.0.17 and prior versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy