Skip to main content
CVE-2020-11623 MEDIUM POC This Month

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hd838 Firmware Hd438 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-12638 MEDIUM POC This Month

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Esp Idf Esp8266 Nonos Sdk Esp8266 Rtos Sdk
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-15912 MEDIUM POC This Month

Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model 3 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-11625 MEDIUM POC This Month

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hd838 Firmware Hd438 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15883 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Managedinstalls
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15881 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Munki Facts
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-10919 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure C More Hmi Ea9 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-7517 MEDIUM This Month

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-8557 MEDIUM PATCH This Month

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-4447 MEDIUM PATCH This Month

IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Filenet Content Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15885 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Comment
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-7520 MEDIUM PATCH This Month

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Schneider Electric Microsoft Open Redirect Software Update Utility
NVD
CVSS 3.1
4.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy