Skip to main content
CVE-2020-29315 MEDIUM POC PATCH This Month

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thinkadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-28575 MEDIUM This Month

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Privilege Escalation Memory Corruption Serverprotect
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-26250 MEDIUM PATCH This Month

OAuthenticator is an OAuth login mechanism for JupyterHub. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Oauthenticator
NVD GitHub
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-4126 MEDIUM This Month

HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Hcl Inotes
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-7546 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Power Manager Powerscada Expert With Advanced Reporting And Dashboards +1
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-28583 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28582 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28577 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28576 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28573 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-4128 MEDIUM PATCH This Month

HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Authentication Bypass Domino
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-4129 MEDIUM This Month

HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hcl Domino
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15257 MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker Information Disclosure Containerd +2
NVD GitHub
CVSS 3.1
5.2
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy