Skip to main content
CVE-2020-7226 HIGH POC PATCH This Week

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Cryptacular Communications Services Gatekeeper Webcenter Sites +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-7052 MEDIUM POC This Month

CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Linux +11
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6966 CRITICAL Act Now

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apexpro Telemetry Server Firmware Carescape Central Station Mai700 Firmware Carescape Central Station Mas700 Firmware Clinical Information Center Mp100D Firmware +2
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2020-6963 CRITICAL Act Now

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Apexpro Telemetry Server Firmware Carescape Central Station Mai700 Firmware Carescape Central Station Mas700 Firmware +3
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2020-6962 CRITICAL Act Now

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apexpro Telemetry Server Firmware Carescape B450 Monitor Firmware Carescape B650 Monitor Firmware Carescape B850 Monitor Firmware +5
NVD
CVSS 3.1
10.0
EPSS
4.9%
CVE-2020-6961 CRITICAL Act Now

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apexpro Telemetry Server Firmware Carescape Central Station Mai700 Firmware Carescape Central Station Mas700 Firmware Clinical Information Center Mp100D Firmware +2
NVD
CVSS 3.1
10.0
EPSS
1.6%
CVE-2020-6965 CRITICAL Act Now

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Apexpro Telemetry Server Firmware Carescape B450 Monitor Firmware Carescape B650 Monitor Firmware Carescape B850 Monitor Firmware +5
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2020-5224 HIGH PATCH This Week

In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

XSS Python Authentication Bypass Django User Sessions
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-5219 HIGH PATCH This Week

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Angular Expressions
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-6964 HIGH This Week

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apexpro Telemetry Server Firmware Carescape Central Station Mai700 Firmware Carescape Central Station Mas700 Firmware Clinical Information Center Mp100D Firmware +2
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-5226 MEDIUM PATCH This Month

Cross-site scripting in SimpleSAMLphp before version 1.18.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Simplesamlphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-5225 MEDIUM PATCH This Month

Log injection in SimpleSAMLphp before version 1.18.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Simplesamlphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-7964 MEDIUM PATCH This Month

An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Saleor
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy