Skip to main content
CVE-2020-15253 MEDIUM POC PATCH This Month

Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grocy
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.2%
CVE-2020-7318 MEDIUM POC This Month

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-15224 MEDIUM PATCH This Month

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Path Traversal Information Disclosure Openenclave
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-0414 MEDIUM PATCH This Month

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-0411 MEDIUM PATCH This Month

In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-8332 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Lenovo IBM Bladecenter Hs23 Firmware Bladecenter Hs23E Firmware +16
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-3483 MEDIUM PATCH This Month

Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. Rated medium severity (CVSS 6.3).

Information Disclosure Duo Network Gateway
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2020-24188 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intrexx
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-24551 MEDIUM This Month

IProom MMC+ Server login page does not validate specific parameters properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mmc
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25778 MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-0415 MEDIUM PATCH This Month

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-6933 MEDIUM PATCH This Month

An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Unified Endpoint Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0419 MEDIUM PATCH This Month

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0410 MEDIUM PATCH This Month

In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0400 MEDIUM This Month

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0398 MEDIUM This Month

In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0378 MEDIUM This Month

In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0246 MEDIUM This Month

In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4395 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager Appliance
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25777 MEDIUM PATCH This Month

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Antivirus
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-27013 MEDIUM This Month

Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-7317 MEDIUM This Month

Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList". Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy