Skip to main content
CVE-2020-13595 MEDIUM This Month

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-13594 MEDIUM This Month

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-17465 MEDIUM This Month

Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25033 MEDIUM This Month

The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Subscribe Sidebar
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25047 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-25046 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-4492 MEDIUM This Month

IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13828 MEDIUM This Month

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12646 MEDIUM This Month

OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15020 MEDIUM This Month

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Website Builder
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14364 MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service Information Disclosure Qemu +6
NVD
CVSS 3.1
5.0
EPSS
5.4%
CVE-2020-12644 MEDIUM This Month

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.0
EPSS
0.7%
CVE-2020-25048 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-13467 MEDIUM This Month

The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cks32F103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-13463 MEDIUM This Month

The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apm32F103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-12643 MEDIUM This Month

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-13464 MEDIUM This Month

The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Cks32F103 Firmware
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2020-12829 LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
3.8
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy