Skip to main content
CVE-2020-11952 MEDIUM POC This Month

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
6.2
EPSS
0.5%
CVE-2020-1456 MEDIUM POC PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
2.2%
CVE-2020-11083 MEDIUM POC PATCH This Month

In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-1398 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2020-15720 MEDIUM PATCH This Month

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Dogtagpki
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-1333 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege. Rated medium severity (CVSS 6.7).

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-7581 MEDIUM This Month

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opcenter Execution Discrete Opcenter Execution Foundation Opcenter Execution Process +8
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-1468 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.2%
CVE-2020-1433 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.5
EPSS
5.3%
CVE-2020-1397 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
6.4%
CVE-2020-5246 MEDIUM PATCH This Month

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection LDAP Traccar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-7592 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Basic Panels 1St Generation Simatic Hmi Basic Panels 2Nd Generation Simatic Wincc Runtime Advanced Simatic Hmi Comfort Panels Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-6285 MEDIUM This Month

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4511 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6290 MEDIUM This Month

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Session Fixation Information Disclosure Disclosure Management
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2020-1442 MEDIUM PATCH This Month

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Office Online Server Office Web Apps
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-15721 MEDIUM PATCH This Month

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Rosariosis
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-10043 MEDIUM This Month

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-10041 MEDIUM This Month

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6281 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-6276 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4513 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6282 MEDIUM This Month

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF SAP Netweaver Application Server Java
NVD
CVSS 3.1
5.8
EPSS
1.1%
CVE-2020-1445 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Online Server +3
NVD
CVSS 3.1
5.5
EPSS
6.1%
CVE-2020-1426 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1420 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1419 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-1391 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory, aka 'Windows Agent Activation Runtime Information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1389 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1386 MEDIUM PATCH This Month

An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1367 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1361 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Microsoft Information Disclosure Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1358 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-1351 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-1342 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure 365 Apps Office +5
NVD
CVSS 3.1
5.5
EPSS
6.4%
CVE-2020-1330 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-10040 MEDIUM This Month

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4510 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-1454 MEDIUM PATCH This Month

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1451 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1450 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-1443 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-1326 MEDIUM PATCH This Month

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-15104 MEDIUM This Month

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2020-11084 MEDIUM This Month

In iPear, the manual execution of the eval() function can lead to command injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Ipear
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-7576 MEDIUM This Month

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Opcenter Execution Core
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6278 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-6267 MEDIUM This Month

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Disclosure Management
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4364 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-1434 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.3
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy