Skip to main content
CVE-2020-15415 CRITICAL POC KEV THREAT Act Now

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Vigor3900 Firmware Vigor2960 Firmware Vigor300b Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
84.6%
CVE-2020-14947 HIGH POC PATCH THREAT This Week

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Open Computer Software Inventory Next Generation
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
19.5%
CVE-2020-15397 HIGH POC PATCH This Week

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Hylafax Hylafax Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15396 HIGH POC PATCH This Week

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Privilege Escalation Hylafax Hylafax Enterprise Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15395 HIGH POC This Week

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Mediainfo Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-14474 HIGH POC This Week

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ufed Firmware
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-9483 HIGH POC THREAT This Week

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Skywalking
NVD GitHub
CVSS 3.1
7.5
EPSS
34.6%
CVE-2020-7049 HIGH POC This Week

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Guardian
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2020-15307 MEDIUM POC This Month

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Guardian
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-15411 CRITICAL PATCH Act Now

An issue was discovered in MISP 2.4.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-9413 CRITICAL Act Now

The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Managed File Transfer Command Center Managed File Transfer Internet Server
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2020-15084 CRITICAL PATCH Act Now

In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Express Jwt
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-9414 HIGH This Week

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Managed File Transfer Command Center Managed File Transfer Internet Server
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-15049 HIGH PATCH This Week

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Squid Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
5.7%
CVE-2020-15087 HIGH PATCH This Week

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Presto
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-13095 HIGH This Week

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Little Snitch
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-5601 HIGH This Week

Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Command Injection E Tax Reception System
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-15401 MEDIUM POC This Month

IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Malware Fighter
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-5580 HIGH This Week

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-5971 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5968 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-14482 HIGH This Week

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Dopsoft
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-4044 HIGH PATCH This Week

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Stack Overflow Xrdp
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-14957 HIGH This Week

In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Cleanup Assistant
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-14956 HIGH This Week

In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Cleanup Assistant
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7816 HIGH This Week

A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Daoffice Dava +1
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-14058 HIGH PATCH This Week

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Fedora Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-5603 HIGH This Week

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cpu Module Logging Configuration Tool Cw Configurator Em Configurator Gt Designer3 +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5602 HIGH This Week

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cpu Module Logging Configuration Tool Cw Configurator Em Configurator Gt Designer3 +16
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5584 HIGH This Week

Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5972 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5970 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-14059 MEDIUM PATCH This Month

An issue was discovered in Squid 5.x before 5.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Squid
NVD
CVSS 3.1
6.5
EPSS
4.4%
CVE-2020-5587 MEDIUM This Month

Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5583 MEDIUM This Month

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-5581 MEDIUM This Month

Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Garoon
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-5969 MEDIUM This Month

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Denial Of Service Nvidia Information Disclosure Virtual Gpu Manager
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-15085 MEDIUM PATCH This Month

In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Saleor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-5588 MEDIUM This Month

Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Garoon
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-5586 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-5585 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-15412 MEDIUM PATCH This Month

An issue was discovered in MISP 2.4.128. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-5973 MEDIUM This Month

NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Ubuntu Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-15400 MEDIUM PATCH This Month

CakePHP before 4.0.6 mishandles CSRF token generation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Cakephp
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-5582 MEDIUM This Month

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy