Skip to main content
CVE-2020-9384 HIGH POC This Week

An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Roc Partner Settlement
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-9004 HIGH POC This Week

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Streaming Engine
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-5739 HIGH POC This Week

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Gxp1610 Firmware Gxp1615 Firmware Gxp1620 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2020-5738 HIGH POC This Week

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gxp1610 Firmware Gxp1615 Firmware Gxp1620 Firmware Gxp1625 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2020-11001 MEDIUM POC PATCH This Month

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wagtail
NVD GitHub
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-7958 MEDIUM POC This Month

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Oneplus 7 Pro Firmware
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-6195 CRITICAL Act Now

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-10383 CRITICAL PATCH Act Now

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11765 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Leap +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2020-11764 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11763 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11762 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11761 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11760 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11759 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Openexr Fedora Ubuntu Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2020-11758 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openexr Fedora Ubuntu Linux +9
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-11723 MEDIUM POC This Month

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ufed Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11743 MEDIUM POC PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9461 MEDIUM POC This Month

Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oempro
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-9460 MEDIUM POC This Month

Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oempro
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-6238 CRITICAL Act Now

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XXE Commerce Cloud
NVD
CVSS 3.1
9.3
EPSS
1.3%
CVE-2020-6225 HIGH This Week

SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Knowledge Management And Collaboration Kmc Cm Netweaver Knowledge Management And Collaboration Kmc Wpc
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6219 HIGH This Week

SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Deserialization Businessobjects Business Intelligence Platform Crystal Reports For Visual Studio
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-10382 HIGH PATCH This Week

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-11741 HIGH PATCH This Week

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-6235 HIGH This Week

SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-7800 HIGH This Week

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Husky Rtu 6049 E70 Firmware
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2020-11003 HIGH PATCH This Week

Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oasis
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-8327 HIGH This Week

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Vantage
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8319 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation System Interface Foundation
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8318 HIGH This Week

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation System Interface Foundation
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10384 HIGH This Week

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-11739 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. Rated high severity (CVSS 7.8).

Race Condition Denial Of Service Privilege Escalation Xen Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5260 HIGH PATCH This Week

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Git Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
10.0%
CVE-2020-6237 HIGH This Week

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-6228 HIGH This Week

SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Client
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-6227 HIGH This Week

SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-6236 HIGH This Week

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Adaptive Extensions Landscape Management
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-6234 HIGH This Week

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Host Agent
NVD
CVSS 3.1
7.2
EPSS
3.6%
CVE-2020-6230 HIGH This Week

SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP Orientdb
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-4151 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6224 MEDIUM This Month

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
6.2
EPSS
1.1%
CVE-2020-7575 MEDIUM This Month

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Climatix Pol908 Firmware Climatix Pol909 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-7574 MEDIUM This Month

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Climatix Pol908 Firmware Climatix Pol909 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6217 MEDIUM This Month

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6215 MEDIUM This Month

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-6211 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6229 MEDIUM This Month

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6223 MEDIUM This Month

The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6216 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy