Skip to main content
CVE-2020-15707 MEDIUM POC PATCH This Month

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.

Ubuntu Buffer Overflow Race Condition Debian RCE +16
NVD
CVSS 3.1
6.4
EPSS
1.6%
CVE-2020-16135 MEDIUM POC PATCH This Month

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Libssh Debian Linux Fedora +2
NVD
CVSS 3.1
5.9
EPSS
4.1%
CVE-2020-16117 MEDIUM POC PATCH This Month

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Evolution Data Server Debian Linux
NVD
CVSS 3.1
5.9
EPSS
2.1%
CVE-2020-11933 MEDIUM This Month

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubuntu Privilege Escalation Snapd Ubuntu Linux
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-4569 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-2078 MEDIUM This Month

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Package Analytics
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-9692 MEDIUM PATCH This Month

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Adobe RCE Magento
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2020-9689 MEDIUM PATCH This Month

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Adobe RCE Path Traversal Magento
NVD
CVSS 3.1
6.5
EPSS
4.1%
CVE-2020-14308 MEDIUM This Month

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Integer Overflow Grub2 Leap
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-15706 MEDIUM PATCH This Month

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).

Race Condition RCE Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2020-15705 MEDIUM PATCH This Month

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. Rated medium severity (CVSS 6.4).

Jwt Attack Authentication Bypass Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-16095 MEDIUM PATCH This Month

The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kitodo Presentation
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14492 MEDIUM This Month

OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openclinic Ga
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5613 MEDIUM This Month

Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Konawiki
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5612 MEDIUM This Month

Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Konawiki
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-11934 MEDIUM This Month

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Information Disclosure Ubuntu Linux
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-8553 MEDIUM PATCH This Month

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-4645 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4644 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-4573 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-4572 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-5614 MEDIUM This Month

Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Konawiki
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2020-9690 MEDIUM PATCH This Month

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
4.2
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy