Skip to main content
CVE-2020-13694 HIGH POC This Week

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Quickbox
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-13448 HIGH POC THREAT This Week

QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Quickbox
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
17.8%
CVE-2020-13757 HIGH POC PATCH This Week

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-13695 HIGH POC This Week

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Quickbox
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-4018 HIGH This Week

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Crucible Fisheye
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-7660 HIGH PATCH This Week

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Serialize Javascript
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-9291 HIGH This Week

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Information Disclosure Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-4019 HIGH This Week

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Companion
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12062 HIGH PATCH This Week

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSH Information Disclosure Openssh
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-7659 HIGH This Week

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Reel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-4020 HIGH This Week

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Companion
NVD
CVSS 3.1
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy