Skip to main content
CVE-2020-8494 HIGH POC This Week

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Time And Attendance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-8442 HIGH POC This Week

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ossec
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-8495 HIGH POC This Week

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Web Time And Attendance
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-5222 HIGH PATCH This Week

Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-5229 HIGH PATCH This Week

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Opencast
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-1931 HIGH This Week

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Command Injection Spamassassin
NVD
CVSS 3.1
8.1
EPSS
6.5%
CVE-2020-1930 HIGH This Week

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Command Injection Spamassassin
NVD
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-8093 HIGH This Week

A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5230 HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opencast
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-5228 HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-3147 HIGH This Week

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +54
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-7909 HIGH This Week

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7906 HIGH This Week

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Microsoft Information Disclosure Rider
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-7905 HIGH This Week

Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7904 HIGH This Week

In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.4
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy