Skip to main content
CVE-2020-24977 MEDIUM POC PATCH This Month

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libxml2 Debian Linux Fedora +15
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2020-24963 MEDIUM POC This Month

An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Best Support System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-24981 MEDIUM POC This Month

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ucms
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-3453 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv340W Firmware Rv340 Firmware Rv345 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
3.1%
CVE-2020-3545 MEDIUM This Month

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Firepower Extensible Operating System
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-4632 MEDIUM This Month

IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Infosphere Metadata Asset Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-3547 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asyncos
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-3498 MEDIUM This Month

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Jabber
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-3365 MEDIUM This Month

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-3537 MEDIUM This Month

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Jabber
NVD
CVSS 3.1
5.7
EPSS
1.3%
CVE-2020-4702 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3546 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asyncos
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3542 MEDIUM This Month

A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Webex Training
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-7119 MEDIUM This Month

A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Information Disclosure Analytics And Location Engine
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2020-3451 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv340W Firmware Rv340 Firmware Rv345 Firmware +1
NVD
CVSS 3.1
4.7
EPSS
2.2%
CVE-2020-3541 MEDIUM This Month

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Webex Meetings Webex Teams
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-7299 MEDIUM This Month

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges. Rated medium severity (CVSS 4.1). No vendor patch available.

Microsoft Information Disclosure True Key
NVD
CVSS 3.1
4.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy