Skip to main content
CVE-2020-8019 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Syslog Ng
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8014 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Leap Tumbleweed Kopano Spamd
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8022 HIGH POC This Week

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Tomcat Leap
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-14414 HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP Nedi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-14412 HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP Nedi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-4067 HIGH This Week

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coturn Debian Linux Fedora Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-4452 HIGH This Week

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12048 HIGH This Week

Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phoenix X36 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12037 HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12036 HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12008 HIGH This Week

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy