Skip to main content
CVE-2020-14146 MEDIUM POC This Month

KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kumbiaphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-9076 MEDIUM This Month

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Authentication Bypass P30 Firmware P30 Pro Firmware Tony Al00B Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-1813 MEDIUM This Month

HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass P30 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-8675 MEDIUM This Month

Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Innovation Engine Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-0566 MEDIUM This Month

Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Trusted Execution Engine Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-0541 MEDIUM This Month

Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Memory Corruption Converged Security Management Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-0533 MEDIUM This Month

Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Information Disclosure Converged Security Management Engine Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-9075 MEDIUM This Month

Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Secospace Usg6300 Firmware Secospace Usg6600 Firmware Usg6300E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-1825 MEDIUM This Month

FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fusionaccess
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-4477 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4471 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Denial Of Service IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-0531 MEDIUM This Month

Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Active Management Technology Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-13652 MEDIUM This Month

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digdash
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-9426 MEDIUM This Month

OX Guard 2.10.3 and earlier allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox Guard
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-14093 MEDIUM PATCH This Month

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Mutt Ubuntu Linux Debian Linux Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2020-14150 MEDIUM This Month

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Bison
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-13999 MEDIUM This Month

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Libemf Fedora
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-0543 MEDIUM This Month

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Simatic Itp1000 Firmware Simatic Ipc847D Firmware Simatic Ipc827D Firmware Simatic Ipc677D Firmware Simatic Ipc647D Firmware +691
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-0539 MEDIUM This Month

Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Path Traversal Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-4051 MEDIUM PATCH This Month

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dijit Debian Linux Active Iq Unified Manager Oncommand Insight +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-4406 MEDIUM This Month

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Microsoft Spectrum Protect Client Spectrum Protect For Space Management
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-14155 MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre macOS Gitlab +12
NVD
CVSS 3.1
5.3
EPSS
4.2%
CVE-2020-8674 MEDIUM This Month

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Active Management Technology Firmware Service Manager
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-0535 MEDIUM This Month

Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Active Management Technology Firmware
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-9427 MEDIUM This Month

OX Guard 2.10.3 and earlier allows SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Ox Guard
NVD
CVSS 3.1
5.0
EPSS
1.1%
CVE-2020-0537 MEDIUM This Month

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Active Management Technology Firmware
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2020-14154 MEDIUM This Month

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mutt Ubuntu Linux
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-0545 MEDIUM This Month

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Integer Overflow Converged Security Management Engine Firmware Server Platform Services +1
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-0527 MEDIUM This Month

Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Ssd D3 S4510 Firmware Ssd Dc P4510 Firmware Ssd Dc P4610 Firmware +2
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy