Skip to main content
CVE-2020-10992 CRITICAL POC Act Now

Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Azkaban
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10991 CRITICAL POC Act Now

Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Aplkit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10993 CRITICAL POC Act Now

Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Osmand
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-10817 HIGH POC This Week

The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Custom Searchable Data Entry System
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6095 HIGH POC PATCH This Week

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gst Rtsp Server Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-10956 CRITICAL Act Now

GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-3936 CRITICAL Act Now

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ultralog Express Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10990 CRITICAL PATCH Act Now

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Mercury
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10607 HIGH This Week

In Advantech WebAccess, Versions 8.4.2 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-5863 HIGH This Week

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Controller Cloud Backup
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2020-5860 HIGH This Week

On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Big Iq Centralized Management Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-1773 HIGH This Week

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-3920 HIGH This Week

UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ultralog Express Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-10940 HIGH This Week

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Portico Server 1 Client Portico Server 16 Client Portico Server 4 Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10939 HIGH This Week

Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pc Worx Srt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5858 HIGH This Week

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Iq Centralized Management Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-10954 HIGH This Week

GitLab through 12.9 is affected by a potential DoS in repository archive download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10953 HIGH This Week

In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Gitlab Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5862 HIGH This Week

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5861 HIGH This Week

On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5859 HIGH This Week

On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5857 HIGH This Week

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-1772 HIGH PATCH This Week

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Otrs Backports Sle Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10508 HIGH This Week

Sunnet eHRD, a human training and development management system, improperly stores system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ehrd
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3921 HIGH This Week

UltraLog Express device management software stores user’s information in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ultralog Express Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-10955 MEDIUM This Month

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-10952 MEDIUM This Month

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Docker Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-8551 MEDIUM PATCH This Month

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Kubernetes Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-10510 MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ehrd
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-10509 MEDIUM This Month

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ehrd
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-7918 MEDIUM This Month

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Totemomail
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-1771 MEDIUM This Month

Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-8552 MEDIUM PATCH This Month

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Denial Of Service Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
2.4%
CVE-2020-1770 MEDIUM This Month

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Backports Sle Leap Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-1769 MEDIUM This Month

In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs Backports Sle Leap
NVD
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy