Skip to main content
CVE-2020-14331 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2020-10759 MEDIUM POC This Month

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Red Hat Enterprise Linux
NVD GitHub
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-24924 MEDIUM POC This Month

A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Elkarbackup
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4711 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-13303 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-8927 MEDIUM PATCH This Month

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Brotli Debian Linux Fedora Ubuntu Linux +6
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2020-8340 MEDIUM This Month

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lenovo IBM Integrated Management Module 2
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-8339 MEDIUM This Month

A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Bladecenter Advanced Management Module Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7296 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2020-10767 MEDIUM PATCH This Month

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10766 MEDIUM PATCH This Month

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-14385 MEDIUM PATCH This Month

A flaw was found in the Linux kernel before 5.9-rc4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14314 MEDIUM PATCH This Month

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8346 MEDIUM This Month

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Lenovo Privilege Escalation System Interface Foundation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9416 MEDIUM This Month

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Spotfire Analyst Spotfire Analytics Platform Spotfire Desktop Spotfire Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25071 MEDIUM This Month

Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nifty
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4530 MEDIUM PATCH This Month

IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-13307 MEDIUM PATCH This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
1.0%
CVE-2020-7295 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected log data via improper access controls in the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-7294 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to delete or download protected files via improper access controls in the REST. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-16097 MEDIUM This Month

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-14304 MEDIUM This Month

A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-4526 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Maximo Asset Management
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-16099 MEDIUM This Month

In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy