Skip to main content
CVE-2020-10250 CRITICAL POC Act Now

BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Direx Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-10233 CRITICAL POC Act Now

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure The Sleuth Kit
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-10190 HIGH POC This Week

An issue was discovered in MunkiReport before 5.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Munkireport
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10235 HIGH POC PATCH This Week

An issue was discovered in Froxlor before 0.10.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection PHP Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-10248 HIGH POC This Week

BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Direx Pro Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10192 MEDIUM POC This Month

An issue was discovered in Munkireport before 5.3.0.3923. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Munkireport
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2140 MEDIUM POC PATCH THREAT This Month

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Audit Trail
NVD
CVSS 3.1
6.1
EPSS
76.0%
CVE-2020-10232 CRITICAL PATCH Act Now

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption The Sleuth Kit Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-9758 CRITICAL Act Now

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation PHP Livezilla
NVD GitHub
CVSS 3.1
9.6
EPSS
2.5%
CVE-2020-10191 MEDIUM POC This Month

An issue was discovered in MunkiReport before 5.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Munkireport
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10249 MEDIUM POC This Month

BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Direx Pro Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-5256 HIGH PATCH This Week

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Code Injection PHP Bookstack
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2159 HIGH This Week

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Cryptomove
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2158 HIGH This Week

Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Literate
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-2135 HIGH PATCH This Week

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Script Security
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-2134 HIGH PATCH This Week

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Script Security
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-5342 HIGH PATCH This Week

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1737 HIGH PATCH This Week

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10244 HIGH This Week

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jpaseto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4217 HIGH PATCH This Week

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-8987 HIGH This Week

Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Antitrack Avg Antitrack
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-2146 HIGH PATCH This Week

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Jenkins Information Disclosure Mac
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2020-2144 HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rundeck
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2138 HIGH PATCH This Week

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Cobertura
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-1706 HIGH This Week

It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Openshift Container Platform
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-2139 MEDIUM PATCH This Month

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Cobertura
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-9282 MEDIUM This Month

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-10247 MEDIUM PATCH This Month

MISP 2.4.122 has Persistent XSS in the sighting popover tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10246 MEDIUM PATCH This Month

MISP 2.4.122 has reflected XSS via unsanitized URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2152 MEDIUM This Month

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Subversion Release Manager
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-10236 MEDIUM PATCH This Month

An issue was discovered in Froxlor before 0.10.14. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure PHP Froxlor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-2154 MEDIUM This Month

Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure Zephyr For Jira Test Management
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-2145 MEDIUM PATCH This Month

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zephyr Enterprise Test Management
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-10237 MEDIUM This Month

An issue was discovered in Froxlor through 0.10.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition PHP Froxlor
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4084 MEDIUM PATCH This Month

HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-9517 MEDIUM This Month

There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-2136 MEDIUM PATCH This Month

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Jenkins Git
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-2155 MEDIUM This Month

Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openshift Deployer
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2151 MEDIUM This Month

Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Quality Gates
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-2150 MEDIUM This Month

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sonar Quality Gates
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2149 MEDIUM PATCH This Month

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Repository Connector
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2143 MEDIUM PATCH This Month

Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Logstash
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2137 MEDIUM PATCH This Month

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Timestamper
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-9386 MEDIUM PATCH This Month

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Mahara
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-2157 MEDIUM This Month

Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Skytap Cloud Ci
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-2156 MEDIUM This Month

Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Deployhub
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2153 MEDIUM PATCH This Month

Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Backlog
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2148 MEDIUM PATCH This Month

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Mac
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-2147 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Mac
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-2142 MEDIUM PATCH This Month

A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass P4
NVD
CVSS 3.1
4.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy