Skip to main content
CVE-2020-27639 HIGH This Week

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 6873I Sip Firmware 6930 Sip Firmware 6940 Sip Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-35555 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 10 software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-35554 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-35553 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Qualcomm Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-35475 HIGH This Week

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-25608 HIGH This Week

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Micollab
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-27781 HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-17520 MEDIUM This Month

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pulsar Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-4764 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Planning Analytics
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-14271 MEDIUM This Month

HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Inotes
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-4080 MEDIUM PATCH This Month

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Domino
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27340 MEDIUM This Month

The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-25611 MEDIUM This Month

The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Micollab
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25606 MEDIUM This Month

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Micollab
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-35549 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-35548 MEDIUM This Month

An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-25609 MEDIUM This Month

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Micollab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-35552 MEDIUM This Month

An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Qualcomm Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-35480 MEDIUM This Month

An issue was discovered in MediaWiki before 1.35.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-25610 MEDIUM This Month

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micollab
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-13528 MEDIUM This Month

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Xport Edge Firmware
NVD
CVSS 3.1
5.3
EPSS
2.9%
CVE-2020-25612 MEDIUM This Month

The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Micollab
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2020-26251 MEDIUM PATCH This Month

Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

CSRF Open Zaak
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-13527 MEDIUM This Month

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Authentication Bypass Xport Edge Firmware Sgx Firmware
NVD
CVSS 3.1
4.5
EPSS
0.6%
CVE-2020-24693 LOW Monitor

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Micontact Center Business
NVD
CVSS 3.1
3.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy