Skip to main content
CVE-2020-4053 MEDIUM PATCH This Month

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Helm
NVD GitHub
CVSS 3.1
6.8
EPSS
1.5%
CVE-2020-14214 MEDIUM PATCH This Month

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zammad
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-7499 MEDIUM This Month

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mtn6501 0001 Firmware Mtn6501 0002 Firmware Mtn6260 0410 Firmware Mtn6260 0415 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-7492 MEDIUM This Month

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Gp Pro Ex Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-14199 MEDIUM This Month

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Trezor Model T Firmware Trezor One Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-8544 MEDIUM This Month

OX App Suite through 7.10.3 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-8541 MEDIUM This Month

OX App Suite through 7.10.3 allows XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Xchange Appsuite
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-4320 MEDIUM This Month

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4052 MEDIUM PATCH This Month

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14210 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Application Insight Web Application Web Application Firewall
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-10268 MEDIUM This Month

Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Kr C4 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-9522 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Arcsight Enterprise Security Manager Express
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-7495 MEDIUM This Month

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecostruxure Operator Terminal Expert
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-14213 MEDIUM PATCH This Month

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Zammad
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8542 MEDIUM This Month

OX App Suite through 7.10.3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-11838 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Arcsight Management Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7504 MEDIUM This Month

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-12494 MEDIUM This Month

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Twincat Driver Twincat
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11841 MEDIUM This Month

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Management Center
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-11840 MEDIUM This Month

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Management Center
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy