Skip to main content
CVE-2020-15436 MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +18
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-12352 MEDIUM POC This Month

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
5.7%
CVE-2020-26227 MEDIUM POC PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-28927 MEDIUM POC This Month

There is a Stored XSS in Magicpin v2.1 in the User Registration section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Magicpin
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-15437 MEDIUM POC This Month

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-26231 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-7927 MEDIUM This Month

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege.2 versions prior to and including 4.2.17, MongoDB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ops Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-7928 MEDIUM PATCH This Month

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-7926 MEDIUM This Month

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem.4 versions prior to 4.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-28053 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass HashiCorp Consul
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-4783 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-0569 MEDIUM PATCH This Month

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Microsoft Buffer Overflow Memory Corruption Intel +15
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2020-15249 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26239 MEDIUM PATCH This Month

Scratch Addons is a WebExtension that supports both Chrome and Firefox. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Mozilla Scratch Addons
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-28896 MEDIUM PATCH This Month

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Mutt Neomutt Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-4771 MEDIUM PATCH This Month

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Spectrum Protect Operations Center
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-15247 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
5.2
EPSS
0.3%
CVE-2020-1778 MEDIUM This Month

When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid.0.9 and prior versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Otrs
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-15248 MEDIUM PATCH This Month

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PHP October
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy