Skip to main content
CVE-2020-15071 MEDIUM POC This Month

content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Symphony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8911 MEDIUM POC PATCH This Month

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Oracle Information Disclosure Aws S3 Crypto Sdk
NVD GitHub
CVSS 3.1
5.6
EPSS
0.3%
CVE-2020-15597 MEDIUM POC This Month

SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Soplanning
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-17489 MEDIUM POC This Month

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnome Shell Ubuntu Linux Debian Linux Leap
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-0256 MEDIUM This Month

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-9244 MEDIUM This Month

HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 20 Pro Firmware Mate 20 X Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-13178 MEDIUM This Month

A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-10779 MEDIUM This Month

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Red Hat Cloudforms
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4485 MEDIUM This Month

IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-10780 MEDIUM This Month

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-13176 MEDIUM This Month

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Access Connector Cloud Access Connector Legacy
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-13174 MEDIUM PATCH This Month

The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pcoip Management Console
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10778 MEDIUM This Month

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Cloudforms
NVD
CVSS 3.1
6.0
EPSS
0.9%
CVE-2020-0258 MEDIUM This Month

In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0250 MEDIUM This Month

In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0249 MEDIUM This Month

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0248 MEDIUM This Month

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0247 MEDIUM This Month

In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0239 MEDIUM This Month

In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9403 MEDIUM This Month

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pactware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13179 MEDIUM This Month

Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-10777 MEDIUM This Month

A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat Cloudforms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14313 MEDIUM This Month

An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Quay
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy