Skip to main content
CVE-2020-7776 MEDIUM POC PATCH This Month

This affects the package phpoffice/phpspreadsheet from 0.0.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
6.4
EPSS
1.3%
CVE-2020-29258 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Examination System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29257 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to feedback.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Examination System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26836 MEDIUM POC This Month

SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-16599 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Cloud Backup Hci Management Node +2
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-16593 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Cloud Backup Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-16592 MEDIUM POC This Month

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Binutils Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-16591 MEDIUM POC This Month

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Binutils Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-16590 MEDIUM POC This Month

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Binutils Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-16589 MEDIUM POC PATCH This Month

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Openexr Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-16588 MEDIUM POC PATCH This Month

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Openexr Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-16587 MEDIUM POC PATCH This Month

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Openexr Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-29259 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedback parameter to feedback.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Examination System
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10146 MEDIUM POC This Month

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Teams
NVD GitHub
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-29660 MEDIUM POC PATCH This Month

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2020-26964 MEDIUM This Month

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2020-7337 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Virusscan Enterprise
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-26257 MEDIUM PATCH This Month

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-26826 MEDIUM This Month

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-26967 MEDIUM This Month

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26966 MEDIUM This Month

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-26965 MEDIUM This Month

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-26961 MEDIUM This Month

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-26957 MEDIUM This Month

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26955 MEDIUM This Month

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26828 MEDIUM This Month

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Disclosure Management
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-26260 MEDIUM This Month

BookStack is a platform for storing and organising information and documentation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bookstack
NVD GitHub
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-26835 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26962 MEDIUM This Month

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26958 MEDIUM This Month

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-26956 MEDIUM This Month

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-26951 MEDIUM This Month

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25627 MEDIUM PATCH This Month

The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
3.7%
CVE-2020-2020 MEDIUM This Month

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cortex Xdr Agent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-27349 MEDIUM PATCH This Month

Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-26834 MEDIUM This Month

SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Hana Database
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-26816 MEDIUM This Month

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2020-26963 MEDIUM This Month

Repeated calls to the history and location interfaces could have been used to hang the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-26954 MEDIUM This Month

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-26953 MEDIUM This Month

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy