Skip to main content
CVE-2020-14145 MEDIUM PATCH This Month

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh Aff A700S Firmware Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2020-14002 MEDIUM This Month

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Putty Oncommand Unified Manager Core Package Fedora
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2020-15393 MEDIUM PATCH This Month

In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-13657 MEDIUM This Month

An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Avg Antivirus Free Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-4037 MEDIUM PATCH This Month

In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4557 MEDIUM This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8024 MEDIUM PATCH This Month

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Hylafax
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-12035 MEDIUM This Month

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2020-12039 LOW Monitor

Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy