Skip to main content
CVE-2020-24613 MEDIUM POC This Month

wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Wolfssl
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2020-19880 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-19879 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-19888 MEDIUM POC This Month

DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Dbhcms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-19877 MEDIUM POC This Month

DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dbhcms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-19890 MEDIUM POC This Month

DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Dbhcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-19887 MEDIUM POC This Month

DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-19885 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-19884 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-19883 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-19882 MEDIUM POC This Month

DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-19881 MEDIUM POC This Month

DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dbhcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-4383 MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM Elastic Storage Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4598 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Security Guardium Insights
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14367 MEDIUM PATCH This Month

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Chrony Fedora Ubuntu Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-4382 MEDIUM This Month

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Denial Of Service IBM Elastic Storage Server
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4165 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Security Guardium Insights
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10775 MEDIUM This Month

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Virtualization Ovirt Engine
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-24612 MEDIUM PATCH This Month

An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Rated medium severity (CVSS 4.7). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Selinux Policy
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-4593 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Insights
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-4170 MEDIUM This Month

IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Security Guardium Insights
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy