Skip to main content
CVE-2020-9036 MEDIUM POC This Month

Jeedom through 4.0.38 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeedom
NVD
CVSS 3.1
6.1
EPSS
3.6%
CVE-2020-16254 MEDIUM POC PATCH This Month

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Chartkick
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15132 MEDIUM POC PATCH This Month

In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sulu
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-8607 MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit Apex One Deep Security +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-14344 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Red Hat Integer Overflow Libx11 Fedora +2
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-15112 MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15106 MEDIUM PATCH This Month

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-16192 MEDIUM PATCH This Month

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-17364 MEDIUM PATCH This Month

USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS User Friendly Svn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-13819 MEDIUM This Month

Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extreme Management Center
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14347 MEDIUM PATCH This Month

A flaw was found in the way xserver memory was not properly initialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure X Server Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-16252 MEDIUM PATCH This Month

The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Field Test
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy