Skip to main content
CVE-2020-10755 MEDIUM PATCH This Month

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Openstack Cinder Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-6270 MEDIUM This Month

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6269 MEDIUM This Month

Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-2023 MEDIUM PATCH This Month

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

RCE Privilege Escalation Runtime
NVD GitHub
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-13271 MEDIUM This Month

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-13269 MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-13267 MEDIUM This Month

A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-6246 MEDIUM This Month

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-0121 MEDIUM PATCH This Month

In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0116 MEDIUM PATCH This Month

In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0113 MEDIUM PATCH This Month

In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Denial Of Service Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6266 MEDIUM This Month

SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Open Redirect Fiori
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2033 MEDIUM This Month

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Paloalto Authentication Bypass Globalprotect
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-0119 MEDIUM PATCH This Month

In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Google Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-13268 MEDIUM This Month

A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-6260 MEDIUM This Month

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Solution Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-5362 MEDIUM This Month

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Chengming 3967 Firmware Chengming 3977 Firmware Chengming 3980 Firmware +351
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-6239 MEDIUM This Month

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Business One
NVD
CVSS 3.1
4.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy