Skip to main content
CVE-2020-25651 MEDIUM POC PATCH This Month

A flaw was found in the SPICE file transfer protocol. Rated medium severity (CVSS 6.4). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-25653 MEDIUM POC PATCH This Month

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. Rated medium severity (CVSS 6.3). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-25652 MEDIUM POC PATCH This Month

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-13886 MEDIUM POC This Month

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tip200 Firmware Tip200Lite Firmware Tip300 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
5.2%
CVE-2020-29130 MEDIUM POC This Month

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libslirp Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-29129 MEDIUM This Month

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libslirp Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-27663 MEDIUM This Month

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-27662 MEDIUM This Month

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy