Skip to main content
CVE-2020-14947 HIGH POC PATCH THREAT This Week

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Open Computer Software Inventory Next Generation
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
19.5%
CVE-2020-15397 HIGH POC PATCH This Week

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Hylafax Hylafax Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15396 HIGH POC PATCH This Week

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Privilege Escalation Hylafax Hylafax Enterprise Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15395 HIGH POC This Week

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Mediainfo Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-14474 HIGH POC This Week

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ufed Firmware
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-9483 HIGH POC THREAT This Week

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Skywalking
NVD GitHub
CVSS 3.1
7.5
EPSS
34.6%
CVE-2020-7049 HIGH POC This Week

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Guardian
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2020-9414 HIGH This Week

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Managed File Transfer Command Center Managed File Transfer Internet Server
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-15049 HIGH PATCH This Week

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Squid Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
5.7%
CVE-2020-15087 HIGH PATCH This Week

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Presto
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-13095 HIGH This Week

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Little Snitch
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-5601 HIGH This Week

Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Command Injection E Tax Reception System
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-5580 HIGH This Week

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-5971 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5968 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Nvidia Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-14482 HIGH This Week

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Dopsoft
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-4044 HIGH PATCH This Week

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Stack Overflow Xrdp
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-14957 HIGH This Week

In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Cleanup Assistant
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-14956 HIGH This Week

In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Cleanup Assistant
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7816 HIGH This Week

A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Daoffice Dava +1
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-14058 HIGH PATCH This Week

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Fedora Cloud Manager
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-5603 HIGH This Week

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cpu Module Logging Configuration Tool Cw Configurator Em Configurator Gt Designer3 +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5602 HIGH This Week

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cpu Module Logging Configuration Tool Cw Configurator Em Configurator Gt Designer3 +16
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5584 HIGH This Week

Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5972 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-5970 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Virtual Gpu Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy