Skip to main content
CVE-2020-11825 HIGH POC This Week

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dolibarr Erp Crm
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-11818 HIGH POC This Week

In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rukovoditel
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-2180 HIGH PATCH This Week

Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Amazon Web Services Serverless Application Model
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-2179 HIGH PATCH This Week

Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Yaml Axis
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-7486 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tricon Tcm 4351 Firmware Tricon Tcm 4352 Firmware Tricon Tcm 4351A Firmware Tricon Tcm 4351B Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-7484 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tristation 1131
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7483 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tristation 1131
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-11826 HIGH This Week

Users can lock their notes with a password in Memono version 3.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memono
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-3651 HIGH PATCH This Week

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +37
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4347 HIGH This Week

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
7.3
EPSS
1.8%
CVE-2020-7111 HIGH This Week

A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Clearpass
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-2178 HIGH PATCH This Week

Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Parasoft Findings
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy