Skip to main content
CVE-2020-8012 CRITICAL POC THREAT Emergency

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Unified Infrastructure Management
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.6%
CVE-2020-8010 CRITICAL POC THREAT Emergency

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Infrastructure Management
NVD
CVSS 3.1
9.8
EPSS
48.7%
CVE-2020-7796 CRITICAL POC KEV THREAT Act Now

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zimbra Collaboration Suite
NVD
CVSS 3.1
9.8
EPSS
85.4%
CVE-2020-9270 HIGH POC This Week

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icehrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-6844 HIGH POC This Week

In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Olk Webstore
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-9265 HIGH POC This Week

phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpmychat Plus
NVD GitHub
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-9268 HIGH POC This Week

SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Soplanning
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-9269 HIGH POC This Week

SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Soplanning
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2020-9271 MEDIUM POC This Month

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Icehrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-9267 MEDIUM POC This Month

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Soplanning
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-9266 MEDIUM POC This Month

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Soplanning
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-6845 MEDIUM POC This Month

An issue was discovered in TopManage OLK 2020. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Olk Webstore
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-7450 CRITICAL PATCH Act Now

In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Freebsd
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-5530 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Property Listings
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-1790 HIGH This Week

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Gaussdb 200
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-1811 HIGH This Week

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Gaussdb 200
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-1812 HIGH This Week

HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass P30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8011 HIGH This Week

CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Unified Infrastructure Management
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-1816 HIGH This Week

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-1815 HIGH This Week

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-1842 MEDIUM This Month

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Hege 560 Firmware Osca 550 Firmware Osca 550A Firmware +2
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-1843 MEDIUM This Month

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hege 560 Firmware Osca 550 Firmware Osca 550A Firmware +2
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-1789 MEDIUM This Month

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Osca 550 Firmware Osca 550A Firmware Osca 550Ax Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-1855 MEDIUM This Month

Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hege 560 Firmware Osca 550 Firmware Osca 550A Firmware +3
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2020-9264 MEDIUM This Month

ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Eset Authentication Bypass Apple Cyber Security +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-8633 MEDIUM This Month

An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-1814 MEDIUM This Month

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Huawei Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-1830 MEDIUM This Month

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-1872 MEDIUM This Month

Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass P10 Plus Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-1882 MEDIUM This Month

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Rs Firmware Mate 20 X Firmware Honor Magic2 Firmware +1
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-1791 LOW Monitor

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 20 Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy