Skip to main content
CVE-2020-16125 MEDIUM POC This Month

gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Information Disclosure Gnome Display Manager
NVD GitHub
CVSS 3.1
6.8
EPSS
1.1%
CVE-2020-27403 MEDIUM POC This Month

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure 32S330 Firmware 40S330 Firmware 43S434 Firmware +4
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-0454 MEDIUM POC This Month

In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-25267 MEDIUM POC This Month

An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ilias
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-28409 MEDIUM POC This Month

The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dundas Bi
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-28408 MEDIUM POC This Month

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dundas Bi
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26809 MEDIUM POC This Month

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Commerce Cloud
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-5388 MEDIUM This Month

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow RCE Dell Inspiron 15 7579 Firmware
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2020-0450 MEDIUM PATCH This Month

In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-12485 MEDIUM This Month

The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Frame Touch Module
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4568 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-0453 MEDIUM PATCH This Month

In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0448 MEDIUM PATCH This Month

In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0443 MEDIUM PATCH This Month

In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0437 MEDIUM PATCH This Month

In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Denial Of Service Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0424 MEDIUM PATCH This Month

In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4760 MEDIUM This Month

IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4704 MEDIUM This Month

IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-26811 MEDIUM This Month

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Commerce Cloud Accelerator Payment Mock
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-26814 MEDIUM This Month

SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Process Integration Pgp Module Business To Business Add On
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-28368 MEDIUM PATCH This Month

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xen Fedora Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-6316 MEDIUM This Month

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp S 4Hana
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy