Skip to main content
CVE-2020-15043 MEDIUM POC This Month

iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wrb303N Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-14413 MEDIUM POC This Month

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2020-12635 MEDIUM POC This Month

XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adobe Webforms Pro M2
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-15319 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15318 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15317 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15316 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15315 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15314 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15313 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15312 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-13896 MEDIUM POC THREAT This Month

The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp1800X 50 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
14.8%
CVE-2020-13423 MEDIUM POC This Month

Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adobe Form Builder For Magento 2
NVD
CVSS 3.1
4.8
EPSS
1.4%
CVE-2020-14069 MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-15368 MEDIUM This Month

AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rgb Driver Firmware
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
5.9%
CVE-2020-15389 MEDIUM PATCH This Month

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Openjpeg Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-8573 MEDIUM This Month

The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Hci H610S Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-14071 MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mk Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12024 MEDIUM This Month

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-12020 MEDIUM This Month

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-12012 MEDIUM This Month

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13,. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-14145 MEDIUM PATCH This Month

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh Aff A700S Firmware Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2020-14002 MEDIUM This Month

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Putty Oncommand Unified Manager Core Package Fedora
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2020-15393 MEDIUM PATCH This Month

In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-13657 MEDIUM This Month

An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Avg Antivirus Free Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-4037 MEDIUM PATCH This Month

In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4557 MEDIUM This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8024 MEDIUM PATCH This Month

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Hylafax
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-12035 MEDIUM This Month

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
4.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy