Skip to main content
CVE-2020-11820 CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11819 CRITICAL POC THREAT Act Now

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Rukovoditel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
26.8%
CVE-2020-11816 CRITICAL POC Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11815 CRITICAL POC Act Now

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11811 CRITICAL POC Act Now

In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qdpm
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-7485 CRITICAL Act Now

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tristation 1131
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-7224 CRITICAL Act Now

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Microsoft Authentication Bypass Apple Openvpn
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-7114 CRITICAL Act Now

A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-1964 CRITICAL PATCH Act Now

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Heron
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-11812 CRITICAL Act Now

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-3653 CRITICAL Act Now

Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Microsoft Information Disclosure Msm8998 Firmware Qca6390 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-3652 CRITICAL Act Now

Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Microsoft Information Disclosure Msm8998 Firmware Qca6390 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy