Skip to main content
CVE-2020-28206 MEDIUM POC This Month

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitrix Framework
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-13496 MEDIUM POC This Month

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-29239 MEDIUM POC This Month

Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Voting System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-13498 MEDIUM POC This Month

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openusd
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-13497 MEDIUM POC This Month

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-13494 MEDIUM POC This Month

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Information Disclosure Openusd
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-29240 MEDIUM POC This Month

Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Leptoncms
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-25656 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.1). Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2020-26244 MEDIUM PATCH This Month

Python oic is a Python OpenID Connect implementation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Openid Connect
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-4102 MEDIUM This Month

HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Notes
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-25265 MEDIUM This Month

AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libappimage
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-14383 MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-14369 MEDIUM This Month

This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Cloudforms
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-29456 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papermerge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-27816 MEDIUM This Month

The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Kibana Openshift Container Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25266 MEDIUM This Month

AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appimaged
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-25704 MEDIUM PATCH This Month

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Command Center +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13956 MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient Quarkus Data Integrator +14
NVD
CVSS 3.1
5.3
EPSS
8.7%
CVE-2020-29454 MEDIUM PATCH This Month

Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Umbraco Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy