Skip to main content
CVE-2020-8468 HIGH POC KEV PATCH THREAT Act Now

Trend Micro Apex One and OfficeScan agents are vulnerable to content validation bypass, allowing authenticated attackers to manipulate agent client components and inject malicious content.

NVD
CVSS 3.1
8.8
EPSS
18.4%
CVE-2020-9325 HIGH POC This Week

Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tiff Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-9324 HIGH POC This Week

Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tiff Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10673 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage Agile Plm +27
NVD GitHub
CVSS 3.1
8.8
EPSS
8.0%
CVE-2020-10672 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +28
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-8467 HIGH KEV PATCH THREAT This Week

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Apex One Officescan
NVD
CVSS 3.1
8.8
EPSS
10.8%
CVE-2020-7002 HIGH This Week

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-9326 HIGH This Week

BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Privilege Management For Windows And Mac
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-8470 HIGH PATCH This Week

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
4.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy