Skip to main content
CVE-2020-15250 MEDIUM POC PATCH This Month

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Junit4 Debian Linux Pluto +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2020-4689 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to CVS Injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Security Guardium
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2020-9238 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Taurus An00B Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-9230 MEDIUM This Month

WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ws5800 10 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-9122 MEDIUM This Month

Some Huawei products have an insufficient input verification vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hirouter Cd30 10 Firmware Hirouter Ct31 10 Firmware Ws5200 12 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-4781 MEDIUM This Month

An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service IBM Curam Social Program Management
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-4773 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Curam Social Program Management
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-5141 MEDIUM This Month

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-5136 MEDIUM This Month

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5134 MEDIUM This Month

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-12670 MEDIUM This Month

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmin
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5142 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sonicos Sonicosv
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-9240 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Taurus An00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9108 MEDIUM This Month

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9107 MEDIUM This Month

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9091 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Taurus An00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9087 MEDIUM This Month

Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Taurus Al00A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-8821 MEDIUM This Month

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webmin
NVD
CVSS 3.1
5.4
EPSS
82.1%
CVE-2020-8820 MEDIUM This Month

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webmin
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4741 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4681 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4680 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4775 MEDIUM This Month

A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4774 MEDIUM This Month

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-14184 MEDIUM This Month

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Server
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4780 MEDIUM This Month

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-4699 MEDIUM This Month

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-4661 MEDIUM This Month

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-4660 MEDIUM This Month

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-5143 MEDIUM This Month

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-4740 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.2
EPSS
0.7%
CVE-2020-4678 MEDIUM PATCH This Month

IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2020-13341 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Memory Corruption Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2020-4679 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-9110 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Taurus An00B Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-9109 MEDIUM This Month

There is an information disclosure vulnerability in several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Information Disclosure Mate 20 Firmware Mate 20 X Firmware +4
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-9106 MEDIUM This Month

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Path Traversal P30 Pro Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-13943 MEDIUM PATCH This Month

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Tomcat Information Disclosure Debian Linux Instantis Enterprisetrack +1
NVD
CVSS 3.1
4.3
EPSS
57.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy