Skip to main content
CVE-2020-10190 HIGH POC This Week

An issue was discovered in MunkiReport before 5.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Munkireport
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10235 HIGH POC PATCH This Week

An issue was discovered in Froxlor before 0.10.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection PHP Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-10248 HIGH POC This Week

BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Direx Pro Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5256 HIGH PATCH This Week

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Code Injection PHP Bookstack
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2159 HIGH This Week

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Cryptomove
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2158 HIGH This Week

Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Literate
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-2135 HIGH PATCH This Week

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Script Security
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-2134 HIGH PATCH This Week

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Script Security
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-5342 HIGH PATCH This Week

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1737 HIGH PATCH This Week

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Ansible Engine Ansible Tower
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10244 HIGH This Week

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jpaseto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4217 HIGH PATCH This Week

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-8987 HIGH This Week

Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Antitrack Avg Antitrack
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-2146 HIGH PATCH This Week

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Jenkins Information Disclosure Mac
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2020-2144 HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rundeck
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2138 HIGH PATCH This Week

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Cobertura
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-1706 HIGH This Week

It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Openshift Container Platform
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy