Skip to main content
CVE-2020-8192 MEDIUM POC PATCH This Month

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastify
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-16157 MEDIUM POC THREAT This Month

A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD
CVSS 3.1
5.4
EPSS
14.4%
CVE-2020-8202 MEDIUM POC This Month

Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Denial Of Service Preferred Providers
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-15129 MEDIUM POC PATCH This Month

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Open Redirect Traefik
NVD GitHub
CVSS 3.1
4.7
EPSS
8.0%
CVE-2020-8222 MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
6.8
EPSS
2.3%
CVE-2020-7205 MEDIUM This Month

A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Intelligent Provisioning Service Pack For Proliant Smartstart Scripting Toolkit
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-14309 MEDIUM This Month

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Grub2 Leap
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-8220 MEDIUM This Month

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Command Injection Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-8204 MEDIUM This Month

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-8217 MEDIUM This Month

A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Citrix Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-15511 MEDIUM This Month

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Terraform Enterprise
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-8213 MEDIUM This Month

An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4186 MEDIUM PATCH This Month

IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-8221 MEDIUM This Month

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-8216 MEDIUM This Month

An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
4.3
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy