Skip to main content
CVE-2020-8227 MEDIUM POC THREAT This Month

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Path Traversal Desktop
NVD
CVSS 3.1
6.8
EPSS
22.4%
CVE-2020-14201 MEDIUM POC PATCH This Month

Dolibarr CRM before 11.0.5 allows privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Dolibarr
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-20634 MEDIUM POC This Month

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Website Builder
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-5775 MEDIUM POC This Month

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Canvas Learning Management Service
NVD
CVSS 3.1
5.8
EPSS
6.5%
CVE-2020-8189 MEDIUM POC This Month

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nextcloud Desktop
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-20633 MEDIUM POC This Month

ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Privilege Escalation PHP Gdpr Cookie Consent
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-10123 MEDIUM POC This Month

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aptra Xfs
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-7310 MEDIUM This Month

Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Total Protection
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2020-10290 MEDIUM This Month

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Urx
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5416 MEDIUM This Month

Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nginx Cf Deployment Routing Release
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-8622 MEDIUM PATCH This Month

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bind Fedora Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
6.5
EPSS
5.5%
CVE-2020-24591 MEDIUM This Month

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-7923 MEDIUM PATCH This Month

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.4 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-9246 MEDIUM This Month

FusionCompute 8.0.0 has an information leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-15858 MEDIUM This Month

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Bgs5 Firmware Ehs5 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-12759 MEDIUM This Month

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9096 MEDIUM This Month

HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9095 MEDIUM This Month

HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3975 MEDIUM This Month

VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS VMware App Volumes
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14194 MEDIUM This Month

Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-9062 MEDIUM This Month

Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Probase
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2020-24585 MEDIUM This Month

An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-3976 MEDIUM PATCH This Month

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service VMware Cloud Foundation Vcenter Server ESXi
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-14518 MEDIUM This Month

Philips DreamMapper, Version 2.24 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dreammapper
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-16239 MEDIUM This Month

When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Suresigns Vs4 Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-8624 MEDIUM This Month

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bind Steelstore Cloud Integrated Storage Ubuntu Linux Debian Linux +2
NVD
CVSS 3.1
4.3
EPSS
3.6%
CVE-2020-9104 MEDIUM This Month

HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei P30 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy