Skip to main content
CVE-2020-13945 MEDIUM POC PATCH THREAT This Month

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apache Information Disclosure Apisix
NVD
CVSS 3.1
6.5
EPSS
73.0%
CVE-2020-26513 MEDIUM POC This Month

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Codebeamer
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-28727 MEDIUM PATCH This Month

Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Seeddms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8566 MEDIUM PATCH This Month

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8565 MEDIUM PATCH This Month

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8564 MEDIUM PATCH This Month

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Docker Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8563 MEDIUM PATCH This Month

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-28935 MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Name Server Daemon Unbound Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-17521 MEDIUM PATCH This Month

Apache Groovy provides extension methods to aid with creating temporary directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Java Information Disclosure Groovy Snapcenter +19
NVD
CVSS 3.1
5.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy