Skip to main content
CVE-2020-5782 MEDIUM POC This Month

In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Helios Glinq
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-5783 MEDIUM POC This Month

In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Helios Glinq
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-5781 MEDIUM POC This Month

In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helios Glinq
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-25597 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-3130 MEDIUM This Month

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Unity Connection
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-3124 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Hosted Collaboration Mediation Fulfillment
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-25739 MEDIUM PATCH This Month

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gon Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-3137 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Security Appliance
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-25602 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-25601 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25600 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25598 MEDIUM This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25596 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3116 MEDIUM This Month

A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Webex Meetings Online Webex Meetings Server
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-2283 MEDIUM PATCH This Month

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Liquibase Runner
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2281 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Lockable Resources
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-16240 MEDIUM This Month

GE Digital APM Classic, Versions 4.4 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Asset Performance Management Classic
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-14370 MEDIUM PATCH This Month

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Docker Information Disclosure Podman Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-10687 MEDIUM PATCH This Month

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Request Smuggling Undertow Jboss Enterprise Application Platform Single Sign On
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-25604 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen Fedora Debian Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-3117 MEDIUM This Month

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Content Security Management Appliance Web Security Appliance
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2020-4340 MEDIUM This Month

IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-4324 MEDIUM This Month

IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-2285 MEDIUM PATCH This Month

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Liquibase Runner
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2282 MEDIUM PATCH This Month

Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Implied Labels
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy