Skip to main content
CVE-2020-8606 CRITICAL POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
72.7%
CVE-2020-8605 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
87.6%
CVE-2020-8604 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Path Traversal Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
89.7%
CVE-2020-10936 HIGH POC This Week

Sympa before 6.2.56 allows privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sympa Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13623 HIGH POC This Week

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13386 HIGH POC This Week

In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smartdraw 2020
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2020-13628 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Centreon Host Monitoring Widget Centreon Tactical Overview Widget Centreon Service Monitoring Widget
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-13627 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Centreon Host Monitoring Widget Centreon Tactical Overview Widget Centreon Service Monitoring Widget
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-10946 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Centreon Host Monitoring Widget Centreon Tactical Overview Widget Centreon Service Monitoring Widget
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-11075 CRITICAL PATCH Act Now

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Engine
NVD GitHub
CVSS 3.1
9.9
EPSS
1.8%
CVE-2020-6774 HIGH This Week

Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Recording Station Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-11059 HIGH PATCH This Week

In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Aegir
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-4379 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4350 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4349 HIGH PATCH This Week

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4226 HIGH PATCH This Week

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Mobilefirst Platform Foundation
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13622 HIGH This Week

JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13630 HIGH PATCH This Week

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Sqlite Fedora +17
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2020-4348 MEDIUM PATCH This Month

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Spectrum Scale
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-10737 MEDIUM PATCH This Month

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into. Rated medium severity (CVSS 6.3).

Race Condition Information Disclosure Oddjob
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-8603 MEDIUM PATCH This Month

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-13633 MEDIUM PATCH This Month

Fork before 5.8.3 allows XSS via navigation_title or title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fork Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13632 MEDIUM PATCH This Month

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite Fedora Ubuntu Linux +9
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13631 MEDIUM PATCH This Month

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Fedora Ubuntu Linux Cloud Backup +14
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13253 MEDIUM PATCH This Month

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-4358 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Scale
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4378 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Scale
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-10945 MEDIUM PATCH This Month

Centreon before 19.10.7 exposes Session IDs in server responses. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Centreon Widget Host Monitoring
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-4357 MEDIUM PATCH This Month

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy