Skip to main content
CVE-2020-15500 MEDIUM POC PATCH THREAT This Month

An issue was discovered in server.js in TileServer GL through 3.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tileservergl
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
12.2%
CVE-2020-14166 MEDIUM POC This Month

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Jira Service Desk
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.9%
CVE-2020-5238 MEDIUM PATCH This Month

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Github Flavored Markdown Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-2500 MEDIUM This Month

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Information Disclosure Helpdesk
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-4376 MEDIUM PATCH This Month

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq For Hpe Nonstop
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-14055 MEDIUM This Month

Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Monsta Ftp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5903 MEDIUM This Month

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-4022 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-14169 MEDIUM This Month

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14164 MEDIUM This Month

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14168 MEDIUM This Month

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-5908 MEDIUM This Month

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15470 MEDIUM This Month

ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ffjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-4024 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-14196 MEDIUM This Month

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Recursor
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-4355 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2020-6261 MEDIUM This Month

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Solution Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-14165 MEDIUM This Month

The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-4025 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-4387 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).

Race Condition IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-4386 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. Rated medium severity (CVSS 4.7).

Race Condition IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-4027 MEDIUM PATCH This Month

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Confluence Confluence Server
NVD
CVSS 3.1
4.7
EPSS
1.5%
CVE-2020-4414 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-5905 MEDIUM This Month

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-4029 MEDIUM This Month

The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy