Skip to main content
CVE-2020-7567 MEDIUM This Month

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2020-28941 MEDIUM PATCH This Month

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-7571 MEDIUM PATCH This Month

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webreports
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-7570 MEDIUM PATCH This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webreports
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4718 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-28954 MEDIUM PATCH This Month

web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bigbluebutton
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-25703 MEDIUM PATCH This Month

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-25701 MEDIUM PATCH This Month

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-9049 MEDIUM PATCH This Month

A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Denial Of Service Authentication Bypass C Cure Web Victor Web
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-7568 MEDIUM This Month

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-28953 MEDIUM PATCH This Month

In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bigbluebutton
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-28942 MEDIUM This Month

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-5947 MEDIUM This Month

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-6879 LOW Monitor

Some ZTE devices have input verification vulnerabilities. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxhn Z500 Firmware Zxhn F670L Firmware
NVD
CVSS 3.1
3.5
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy