Skip to main content
CVE-2020-8447 CRITICAL POC Act Now

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Ossec
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-8444 CRITICAL POC Act Now

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Ossec
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-8443 CRITICAL POC Act Now

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ossec
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-8494 HIGH POC This Week

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Time And Attendance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-8442 HIGH POC This Week

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ossec
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8495 HIGH POC This Week

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Web Time And Attendance
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-5231 MEDIUM POC PATCH This Month

In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-8492 MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
6.6%
CVE-2020-5233 MEDIUM POC PATCH This Month

OAuth2 Proxy before 5.0 has an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Oauth2 Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5206 CRITICAL PATCH Act Now

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-8445 CRITICAL Act Now

In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ossec
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-8448 MEDIUM POC This Month

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ossec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8446 MEDIUM POC This Month

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ossec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8496 MEDIUM POC This Month

In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Time And Attendance
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-8493 MEDIUM POC This Month

A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Time And Attendance
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-5222 HIGH PATCH This Week

Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-5229 HIGH PATCH This Week

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Opencast
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-1931 HIGH This Week

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Command Injection Spamassassin
NVD
CVSS 3.1
8.1
EPSS
6.5%
CVE-2020-1930 HIGH This Week

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Command Injection Spamassassin
NVD
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-8093 HIGH This Week

A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5230 HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opencast
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-5228 HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-3147 HIGH This Week

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +54
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-7909 HIGH This Week

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7906 HIGH This Week

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Microsoft Information Disclosure Rider
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-7905 HIGH This Week

Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7904 HIGH This Week

In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.4
EPSS
1.4%
CVE-2020-7913 MEDIUM This Month

JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-7911 MEDIUM This Month

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-8095 MEDIUM This Month

A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Total Security 2020
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8092 MEDIUM This Month

A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8498 MEDIUM PATCH This Month

XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Gistpress
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-7910 MEDIUM This Month

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7912 MEDIUM This Month

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-7908 MEDIUM This Month

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy