Skip to main content
CVE-2020-15191 MEDIUM POC PATCH This Month

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-15190 MEDIUM POC PATCH This Month

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-25085 MEDIUM POC PATCH This Month

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. Rated medium severity (CVSS 5.0). Public exploit code available.

Buffer Overflow Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2020-15211 MEDIUM POC PATCH This Month

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-15201 MEDIUM POC PATCH This Month

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25149 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25145 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25144 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25143 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-25134 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-25133 HIGH This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-15369 HIGH This Week

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15192 MEDIUM POC PATCH This Month

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-25748 HIGH This Week

A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rv 3406 Firmware Rv 3409 Firmware Rv 3411 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-15213 MEDIUM POC PATCH This Month

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
4.0
EPSS
0.6%
CVE-2020-19455 HIGH This Week

SQL injection exists in the jdownloads 3.2.63 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Jdownloads
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-19451 HIGH This Week

SQL injection exists in the jdownloads 3.2.63 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Jdownloads
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-19450 HIGH This Week

SQL injection exists in the jdownloads 3.2.63 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Jdownloads
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5930 HIGH This Week

In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +10
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-26112 HIGH This Week

The email quota cache in cPanel before 90.0.10 allows overwriting of files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-26109 HIGH This Week

cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-26107 HIGH This Week

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26106 HIGH This Week

cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26104 HIGH This Week

In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26103 HIGH This Week

In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26102 HIGH This Week

In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26099 HIGH This Week

cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13387 HIGH This Week

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-12824 HIGH This Week

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-24593 HIGH This Week

Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Micloud Management Portal
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-24692 HIGH This Week

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

XSS Micontact Center Business
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-7735 MEDIUM PATCH This Month

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Ng Packagr
NVD GitHub
CVSS 3.1
6.6
EPSS
2.4%
CVE-2020-25142 MEDIUM This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Observium
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-15370 MEDIUM This Month

Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-16242 MEDIUM This Month

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S2020 Firmware S2024 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4727 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-25140 MEDIUM This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Observium
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15521 MEDIUM This Month

Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Applications Manager
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-26115 MEDIUM This Month

cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-26114 MEDIUM This Month

cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-26113 MEDIUM This Month

cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-26111 MEDIUM This Month

cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-26110 MEDIUM This Month

cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5929 MEDIUM This Month

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Microsoft Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +12
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-15372 MEDIUM This Month

A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4531 MEDIUM This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-25625 MEDIUM PATCH This Month

hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. Rated medium severity (CVSS 5.3).

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-24615 MEDIUM This Month

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-24595 MEDIUM This Month

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micloud Management Portal
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-24592 MEDIUM This Month

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micloud Management Portal
NVD
CVSS 3.1
5.3
EPSS
0.9%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy