Skip to main content
CVE-2020-26256 MEDIUM POC PATCH This Month

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js Denial Of Service Fast Csv
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-25664 MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14206 MEDIUM POC This Month

The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Divebook
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-27756 MEDIUM POC This Month

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-27753 MEDIUM POC This Month

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-27750 MEDIUM POC This Month

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25676 MEDIUM POC This Month

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-25674 MEDIUM POC This Month

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25667 MEDIUM POC This Month

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-25665 MEDIUM POC This Month

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25663 MEDIUM POC PATCH This Month

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-25955 MEDIUM POC This Month

SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Student Management System Project In Php
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-29539 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 allows a threat actor to have a remote authenticated user run JavaScript from a malicious site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pure Neural Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14205 MEDIUM POC This Month

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Divebook
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-9922 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-9849 MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Information Disclosure Icloud Itunes +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-10014 MEDIUM This Month

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Mac Os X macOS
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-10012 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Mac Os X macOS
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25631 MEDIUM PATCH This Month

A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-25628 MEDIUM PATCH This Month

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-27821 MEDIUM PATCH This Month

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-26253 MEDIUM PATCH This Month

Kirby is a CMS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Kirby Panel
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-27822 MEDIUM PATCH This Month

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Wildfly
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-27896 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-27950 MEDIUM KEV THREAT This Month

A memory initialization issue was addressed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
16.5%
CVE-2020-27929 MEDIUM This Month

A logic issue existed in the handling of Group FaceTime calls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-27925 MEDIUM This Month

An issue existed in the handling of incoming calls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-27900 MEDIUM This Month

An issue existed in the handling of snapshots. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-27898 MEDIUM This Month

A denial of service issue was addressed with improved state handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-9989 MEDIUM This Month

The issue was addressed with improved deletion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9988 MEDIUM This Month

The issue was addressed with improved deletion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9977 MEDIUM This Month

A validation issue existed in the entitlement verification. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-9974 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-9969 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9963 MEDIUM This Month

The issue was addressed with improved handling of icon caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-9944 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-9943 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-27894 MEDIUM This Month

The issue was addressed with additional user controls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-10009 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-10007 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10006 MEDIUM This Month

This issue was addressed with improved entitlements. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-10002 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25677 MEDIUM PATCH This Month

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ceph Ansible Ceph Storage
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-14207 MEDIUM This Month

The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP Divebook
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-26234 MEDIUM PATCH This Month

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Java Information Disclosure Opencast
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-27902 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-9993 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Ipados Iphone Os +1
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-9987 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-9945 MEDIUM This Month

A spoofing issue existed in the handling of URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Safari Mac Os X
NVD
CVSS 3.1
4.3
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy