Skip to main content
CVE-2020-14629 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox Leap
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-14706 MEDIUM This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-14618 MEDIUM PATCH This Month

Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Primavera Unifier
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-14549 MEDIUM This Month

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Server). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Primavera Portfolio Management
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-14531 MEDIUM This Month

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Siebel Ui Framework
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-14530 MEDIUM This Month

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Security Service
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2020-14527 MEDIUM This Month

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Primavera Portfolio Management
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-14722 MEDIUM This Month

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Enterprise Communications Broker
NVD
CVSS 3.1
5.8
EPSS
0.9%
CVE-2020-14617 MEDIUM PATCH This Month

Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Primavera Unifier
NVD
CVSS 3.1
5.7
EPSS
1.1%
CVE-2020-15366 MEDIUM PATCH This Month

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Prototype Pollution Denial Of Service Ajv
NVD GitHub
CVSS 3.1
5.6
EPSS
2.3%
CVE-2020-14651 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Active Iq Unified Manager Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-14643 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Active Iq Unified Manager Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2020-14537 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-9311 MEDIUM PATCH This Month

In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Silverstripe
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2976 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2975 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2974 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2973 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2972 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2971 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2966 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-2513 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2227 MEDIUM PATCH This Month

Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Deployer Framework
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2226 MEDIUM PATCH This Month

Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Matrix Authorization Strategy
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-2225 MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Matrix Project
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-2224 MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Matrix Project
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-2223 MEDIUM PATCH This Month

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-2222 MEDIUM PATCH This Month

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-2221 MEDIUM PATCH This Month

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-2220 MEDIUM PATCH This Month

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-14710 MEDIUM This Month

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Retail Customer Management And Segmentation Foundation
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-14653 MEDIUM This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-14612 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Human Capital Management Candidate Gateway
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-14587 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Products
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-14529 MEDIUM This Month

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Primavera Portfolio Management
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5765 MEDIUM This Month

Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Nessus
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-15107 MEDIUM This Month

In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. Rated medium severity (CVSS 5.3). No vendor patch available.

Information Disclosure Openenclave
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-6165 MEDIUM PATCH This Month

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Silverstripe
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-14700 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Buffer Overflow Oracle Authentication Bypass Information Disclosure Vm Virtualbox +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-14698 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Buffer Overflow Oracle Authentication Bypass Information Disclosure Vm Virtualbox +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-14695 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Buffer Overflow Oracle Authentication Bypass Information Disclosure Vm Virtualbox +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-14694 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Buffer Overflow Oracle Authentication Bypass Information Disclosure Vm Virtualbox +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-14673 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox Leap
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-14650 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox Leap
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-14648 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox Leap
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-14635 MEDIUM This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Object Library
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-14621 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +21
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-14604 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-14603 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-14562 MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Oracle Jdk E Series Santricity Os Controller +7
NVD
CVSS 3.1
5.3
EPSS
5.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy