Skip to main content
CVE-2020-7691 MEDIUM POC PATCH This Month

In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspdf
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-7690 MEDIUM POC PATCH This Month

All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspdf
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-15570 MEDIUM POC This Month

The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Whoopsie
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-6013 HIGH This Week

ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Zonealarm Extreme Security
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-5371 HIGH This Week

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Isilon Onefs Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5352 HIGH This Week

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Data Protection Advisor
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-9395 HIGH PATCH This Week

An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. Rated high severity (CVSS 8.0). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Rtl8711Af Firmware Rtl8711Am Firmware Rtl8195Am Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2020-9262 HIGH This Week

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free Huawei +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-9261 HIGH This Week

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Memory Corruption Mate 30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-9100 HIGH This Week

Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hisuite
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5372 HIGH This Week

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Powerstore 1000 Firmware Emc Powerstore 3000 Firmware Emc Powerstore 5000 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-5368 HIGH This Week

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Vxrail D560F Firmware Vxrail D560 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14303 HIGH This Week

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-10760 MEDIUM This Month

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Samba Ubuntu Linux +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-5356 MEDIUM This Month

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Powerprotect Data Manager Powerprotect X400 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-1839 MEDIUM This Month

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition RCE Huawei Mate 30 Firmware
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-15562 MEDIUM PATCH This Month

An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-9226 MEDIUM This Month

HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Huawei Information Disclosure P30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-1838 MEDIUM This Month

HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-15569 MEDIUM PATCH This Month

PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Milkytracker Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-1836 MEDIUM This Month

HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Huawei Information Disclosure P30 Firmware P30 Pro Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-1837 MEDIUM This Month

ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Changxiang 8 Plus Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy