Skip to main content
CVE-2020-9496 MEDIUM POC THREAT This Month

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apache Deserialization Ofbiz
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
98.9%
CVE-2020-14982 MEDIUM POC This Month

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Web Time And Attendance
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15051 MEDIUM POC This Month

An issue was discovered in Artica Proxy before 4.30.000000. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2020-15718 MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.3%
CVE-2020-15716 MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.6%
CVE-2020-13788 MEDIUM POC PATCH This Month

Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-11437 MEDIUM POC This Month

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Librehealth Ehr
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-2978 MEDIUM POC PATCH This Month

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Database
NVD
CVSS 3.1
4.1
EPSS
1.2%
CVE-2020-14557 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-14552 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Webcenter Portal
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2020-15780 MEDIUM PATCH This Month

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Linux Authentication Bypass Linux Kernel Leap Ubuntu Linux
NVD
CVSS 3.1
6.7
EPSS
1.3%
CVE-2020-2969 MEDIUM PATCH This Month

Vulnerability in the Data Pump component of Oracle Database Server. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Oracle Information Disclosure Database Server
NVD
CVSS 3.1
6.6
EPSS
2.0%
CVE-2020-14065 MEDIUM This Month

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-14064 MEDIUM This Month

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mail Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-15117 MEDIUM PATCH This Month

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Synergy Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-14711 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Apple Vm Virtualbox Leap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-14693 MEDIUM This Month

Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Insurance Accounting Analyzer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-14692 MEDIUM This Month

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Financial Services Loan Loss Forecasting And Provisioning
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-14685 MEDIUM This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-14680 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Active Iq Unified Manager Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-14655 MEDIUM This Month

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Security Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-14652 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-14619 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Active Iq Unified Manager Oncommand Insight Oncommand Workflow Automation +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-14605 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-14594 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Inventory Integration). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Oracle Information Disclosure Food And Beverage Applications
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-14591 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-14576 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-14539 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-14721 MEDIUM This Month

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Enterprise Communications Broker
NVD
CVSS 3.1
6.3
EPSS
1.0%
CVE-2020-14662 MEDIUM This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2020-15700 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2020-15695 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2020-15717 MEDIUM PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Rosariosis
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-2562 MEDIUM PATCH This Month

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Primavera Portfolio Management
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-14640 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-14638 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-14637 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-14636 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-14627 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-14615 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14613 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Webcenter Sites
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-14607 MEDIUM PATCH This Month

Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Fusion Middleware Mapviewer
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14601 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-14592 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-14572 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-14563 MEDIUM PATCH This Month

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Enterprise Communications Broker
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-14528 MEDIUM This Month

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Primavera Portfolio Management
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-15696 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
3.2%
CVE-2020-14704 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox Leap
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-14703 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox Leap
NVD
CVSS 3.1
6.0
EPSS
0.6%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy