Skip to main content
CVE-2020-28241 MEDIUM POC PATCH This Month

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libmaxminddb Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-5795 MEDIUM POC This Month

UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE TP-Link Archer A7 Firmware
NVD
CVSS 3.1
6.2
EPSS
1.0%
CVE-2020-28249 MEDIUM POC PATCH This Month

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Joplin
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2020-28168 MEDIUM POC PATCH MAL This Month

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js SSRF Axios Sinec Ins
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%
CVE-2020-27152 MEDIUM POC PATCH This Month

An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-28327 MEDIUM POC PATCH This Month

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Certified Asterisk Asterisk
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-27129 MEDIUM This Month

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Sd Wan Vmanage
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-27122 MEDIUM This Month

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3592 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Cisco Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-27128 MEDIUM This Month

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Sd Wan
NVD
CVSS 3.1
6.5
EPSS
60.8%
CVE-2020-27121 MEDIUM This Month

A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26084 MEDIUM This Month

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Edge Fog Fabric
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4482 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Urbancode Deploy
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-27617 MEDIUM PATCH This Month

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-27616 MEDIUM PATCH This Month

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-28242 MEDIUM This Month

An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Certified Asterisk Asterisk Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-5643 MEDIUM This Month

Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-3590 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2020-3587 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2020-3579 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3551 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-8577 MEDIUM This Month

SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure E Series Santricity Os Controller
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-27123 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-17490 MEDIUM PATCH This Month

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-5667 MEDIUM This Month

Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Apple Studyplus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-26083 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-3591 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

XSS Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26086 MEDIUM This Month

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Collaboration Endpoint
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-4484 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-4483 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy