Skip to main content
CVE-2020-28096 MEDIUM POC This Month

FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Foscam X1 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-13474 MEDIUM POC This Month

In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Accounts
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-29245 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29244 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29243 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29242 MEDIUM POC PATCH This Month

dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tag
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-35738 MEDIUM POC This Month

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Wavpack Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-26569 MEDIUM POC This Month

In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-13473 MEDIUM POC This Month

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Accounts
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15898 MEDIUM POC This Month

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-13476 MEDIUM POC This Month

NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Express Invoice
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-29193 MEDIUM This Month

Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wv S2231L Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-26029 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-27837 MEDIUM PATCH This Month

A flaw was found in GDM in versions prior to 3.38.2.1. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Race Condition Authentication Bypass Gnome Display Manager
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-35615 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2020-35730 MEDIUM KEV PATCH THREAT This Month

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
32.8%
CVE-2020-26035 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26033 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zammad
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-35614 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-29159 MEDIUM PATCH This Month

An issue was discovered in Zammad before 3.5.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zammad
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-26028 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-29158 MEDIUM PATCH This Month

An issue was discovered in Zammad before 3.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Zammad
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26034 MEDIUM This Month

An account-enumeration issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26031 MEDIUM This Month

An issue was discovered in Zammad before 3.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zammad
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy