Skip to main content
CVE-2020-5985 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5983 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-24568 MEDIUM This Month

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-15230 MEDIUM PATCH This Month

Vapor is a web framework for Swift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Vapor
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-5422 MEDIUM This Month

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bosh System Metrics Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-7069 MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Fedora Debian Linux Leap +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-15231 MEDIUM PATCH This Month

In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Print
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26523 MEDIUM PATCH This Month

Froala Editor before 3.2.2 allows XSS via pasted content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Froala Editor
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5989 MEDIUM This Month

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5986 MEDIUM This Month

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-26536 MEDIUM PATCH This Month

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-26519 MEDIUM This Month

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Mupdf Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-24627 MEDIUM This Month

A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kvm Ip Console Switch G2 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26526 MEDIUM This Month

An issue was discovered in Damstra Smart Asset 2020.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Asset
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-26524 MEDIUM This Month

CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecloud
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15234 MEDIUM PATCH This Month

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fosite
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-15233 MEDIUM PATCH This Month

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fosite
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-13337 MEDIUM This Month

An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-5982 MEDIUM This Month

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-17482 MEDIUM This Month

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authoritative
NVD GitHub
CVSS 3.1
4.3
EPSS
2.6%
CVE-2020-25741 LOW PATCH Monitor

fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.1
3.2
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy