Skip to main content
CVE-2020-15919 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eframework
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8175 MEDIUM POC PATCH This Month

Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jpeg Js
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-15945 MEDIUM POC PATCH This Month

Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Lua
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15918 MEDIUM POC This Month

Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eframework
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14307 MEDIUM This Month

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Red Hat Amq Jboss Enterprise Application Platform Continuous Delivery +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14297 MEDIUM PATCH This Month

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Amq Jboss Ejb Client Jboss Enterprise Application Platform Continuous Delivery +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14175 MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-10602 MEDIUM This Month

In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Null Pointer Dereference Denial Of Service Data Archive
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-14725 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager
NVD
CVSS 3.1
4.9
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy