Skip to main content
CVE-2020-26826 MEDIUM This Month

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-26967 MEDIUM This Month

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26966 MEDIUM This Month

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-26965 MEDIUM This Month

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-26961 MEDIUM This Month

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-26957 MEDIUM This Month

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26955 MEDIUM This Month

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26828 MEDIUM This Month

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Disclosure Management
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-26260 MEDIUM This Month

BookStack is a platform for storing and organising information and documentation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bookstack
NVD GitHub
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-26835 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26962 MEDIUM This Month

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26958 MEDIUM This Month

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-26956 MEDIUM This Month

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-26951 MEDIUM This Month

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25627 MEDIUM PATCH This Month

The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
3.7%
CVE-2020-2020 MEDIUM This Month

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cortex Xdr Agent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-27349 MEDIUM PATCH This Month

Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-26834 MEDIUM This Month

SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Hana Database
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-26816 MEDIUM This Month

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2020-26963 MEDIUM This Month

Repeated calls to the history and location interfaces could have been used to hang the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-26954 MEDIUM This Month

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-26953 MEDIUM This Month

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-16128 LOW PATCH Monitor

The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Linux
NVD
CVSS 3.1
3.8
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy