Skip to main content
CVE-2020-24333 MEDIUM POC This Month

A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudvision Portal
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-14024 MEDIUM POC This Month

Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-23446 MEDIUM POC This Month

Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Workforce Optimization
NVD VulDB
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-14027 MEDIUM POC This Month

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-14023 MEDIUM POC This Month

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-15839 MEDIUM PATCH This Month

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-4619 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-4612 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-3977 MEDIUM PATCH This Month

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass VMware Horizon Daas
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-24619 MEDIUM PATCH This Month

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Shotcut
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-4615 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Data Risk Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4616 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-4618 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Data Risk Manager
NVD
CVSS 3.1
4.9
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy