Skip to main content
CVE-2020-7789 MEDIUM PATCH This Month

This affects the package node-notifier before 9.0.0. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Node Notifier
NVD GitHub
CVSS 3.1
5.6
EPSS
1.6%
CVE-2020-28214 MEDIUM This Month

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-7549 MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +15
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-35175 MEDIUM PATCH This Month

Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frappe
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-17470 MEDIUM This Month

An issue was discovered in FNET through 4.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fnet
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-5950 MEDIUM This Month

On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-35149 MEDIUM PATCH This Month

lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mquery
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-26265 MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7790 MEDIUM PATCH This Month

This affects the package spatie/browsershot from 0.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Browsershot
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-26417 MEDIUM This Month

Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-26408 MEDIUM This Month

A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7541 MEDIUM This Month

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +16
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-26416 MEDIUM This Month

Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-15376 MEDIUM This Month

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-26415 MEDIUM This Month

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-26412 MEDIUM This Month

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-13357 MEDIUM This Month

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy