Skip to main content
CVE-2020-25235 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-25232 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-25230 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-25229 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-15796 HIGH This Week

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Et 200Sp Open Controller Firmware Simatic S7 1500 Software Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-8258 HIGH This Week

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Gateway Plug In
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-20183 HIGH This Week

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass P1302 T10 V3 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5665 HIGH This Week

Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq F Fx5U Cpu Firmware
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2020-28396 HIGH This Week

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sicam A8000 Cp 8000 Firmware Sicam A8000 Cp 8021 Firmware Sicam A8000 Cp 8022 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2020-16104 HIGH This Week

SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Command Centre
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-14368 HIGH This Week

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Che
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-0465 MEDIUM PATCH This Month

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-5637 MEDIUM This Month

Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aterm Sa3500G Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5636 MEDIUM This Month

Aterm SA3500G firmware versions prior to Ver. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Aterm Sa3500G Firmware
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-15733 MEDIUM This Month

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Antivirus Plus
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-17511 MEDIUM PATCH This Month

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Airflow
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-28859 MEDIUM This Month

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Asset Management
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-29511 MEDIUM This Month

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Go Trident
NVD GitHub
CVSS 3.1
5.6
EPSS
1.9%
CVE-2020-29510 MEDIUM This Month

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Go Trident
NVD GitHub
CVSS 3.1
5.6
EPSS
2.0%
CVE-2020-29509 MEDIUM PATCH This Month

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Go Trident
NVD GitHub
CVSS 3.1
5.6
EPSS
2.1%
CVE-2020-0019 MEDIUM This Month

In the Broadcom Nexus firmware, there is an insecure default password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Broadcom Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0470 MEDIUM PATCH This Month

In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-0469 MEDIUM PATCH This Month

In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0468 MEDIUM PATCH This Month

In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0467 MEDIUM PATCH This Month

In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0464 MEDIUM PATCH This Month

In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-25233 MEDIUM This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-25231 MEDIUM This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware Logo Soft Comfort
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-35460 MEDIUM PATCH This Month

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mpxj Primavera Unifier
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-17513 MEDIUM PATCH This Month

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Python Airflow
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-35236 MEDIUM PATCH This Month

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitlab Information Disclosure Lagoon
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-8284 LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +19
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2020-0459 LOW PATCH Monitor

In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy