Skip to main content
CVE-2020-2236 MEDIUM PATCH This Month

Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Yet Another Build Visualizer
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-17507 MEDIUM PATCH This Month

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qt Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2020-13288 MEDIUM This Month

In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
4.0%
CVE-2020-6300 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-7301 MEDIUM This Month

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Data Loss Prevention
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-6297 MEDIUM This Month

Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Data Intelligence
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-6310 MEDIUM This Month

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-6299 MEDIUM This Month

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-6273 MEDIUM This Month

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4 Hana Fiori Ui For General Ledger Accounting
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2237 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Flaky Test Handler
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-6653 LOW Monitor

Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Secureconnect
NVD
CVSS 3.1
3.9
EPSS
0.3%
CVE-2020-2035 LOW Monitor

When SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
3.0
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy