Skip to main content
CVE-2020-11110 MEDIUM POC PATCH This Month

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grafana E Series Performance Analyzer
NVD GitHub
CVSS 3.1
5.4
EPSS
9.6%
CVE-2020-7695 MEDIUM POC PATCH This Month

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uvicorn
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-7017 MEDIUM This Month

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Elastic Kibana Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2020-15954 MEDIUM This Month

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kmail Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12880 MEDIUM This Month

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-10643 MEDIUM This Month

An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pi Vision
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-15120 MEDIUM PATCH This Month

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass I Hate Money
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-7016 MEDIUM PATCH This Month

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Elastic Denial Of Service Kibana Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-4408 MEDIUM PATCH This Month

The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Qradar Advisory
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-4498 MEDIUM PATCH This Month

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-4405 MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy