Skip to main content
CVE-2020-13694 HIGH POC This Week

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Quickbox
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-13448 HIGH POC THREAT This Week

QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Quickbox
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
17.8%
CVE-2020-13757 HIGH POC PATCH This Week

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-13695 HIGH POC This Week

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Quickbox
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-13758 MEDIUM POC This Month

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Bitrix24
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8967 CRITICAL Act Now

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Erp
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-12867 MEDIUM POC This Month

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sane Backends Fedora Debian Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-4018 HIGH This Week

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Crucible Fisheye
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-7660 HIGH PATCH This Week

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Serialize Javascript
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-9291 HIGH This Week

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Information Disclosure Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-4019 HIGH This Week

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Companion
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12062 HIGH PATCH This Week

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSH Information Disclosure Openssh
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-7659 HIGH This Week

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Reel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-4020 HIGH This Week

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Companion
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-9071 MEDIUM This Month

There is a few bytes out-of-bounds read vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Ar120 S Firmware Ar1200 Firmware +15
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-6868 MEDIUM This Month

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte F680 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-4023 MEDIUM This Month

The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4021 MEDIUM This Month

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-4013 MEDIUM This Month

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Crucible Fisheye
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4017 MEDIUM This Month

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Crucible Fisheye
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-4016 MEDIUM This Month

The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Crucible Fisheye
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-4015 MEDIUM This Month

The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Crucible Fisheye
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-4014 MEDIUM This Month

The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Crucible Fisheye
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy