Skip to main content
CVE-2020-5902 CRITICAL POC KEV THREAT Emergency

F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary system commands with root privileges through crafted URL requests.

NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2020-13381 CRITICAL POC THREAT Emergency

openSIS through 7.4 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
59.0%
CVE-2020-13382 CRITICAL POC THREAT Emergency

openSIS through 7.4 has Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opensis
NVD GitHub
CVSS 3.1
9.1
EPSS
52.8%
CVE-2020-13383 HIGH POC PATCH THREAT Act Now

openSIS through 7.4 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Opensis
NVD GitHub
CVSS 3.1
7.5
EPSS
69.6%
CVE-2020-15468 CRITICAL POC Act Now

Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Persian Vip Download Script
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-15473 CRITICAL POC PATCH Act Now

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ndpi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-15471 CRITICAL POC PATCH Act Now

In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ndpi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-7688 HIGH POC PATCH This Week

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Mversion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-6089 HIGH POC This Week

An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Leadtools
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-15478 HIGH POC This Week

The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Journal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.7%
CVE-2020-15476 HIGH POC PATCH This Week

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Oracle Information Disclosure Ndpi Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-15500 MEDIUM POC PATCH THREAT This Month

An issue was discovered in server.js in TileServer GL through 3.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tileservergl
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
12.2%
CVE-2020-15490 CRITICAL Act Now

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-15489 CRITICAL Act Now

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-14057 CRITICAL Act Now

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Monsta Ftp
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-14056 CRITICAL Act Now

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Monsta Ftp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-13619 CRITICAL Act Now

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection PHP Locutus Php
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13380 CRITICAL PATCH Act Now

openSIS before 7.4 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-15475 CRITICAL PATCH Act Now

In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Ndpi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15474 CRITICAL PATCH Act Now

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Ndpi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-5901 CRITICAL Act Now

In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nginx Nginx Controller
NVD
CVSS 3.1
9.6
EPSS
1.5%
CVE-2020-15472 CRITICAL PATCH Act Now

In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ndpi Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-5904 HIGH This Week

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-5900 HIGH This Week

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nginx Nginx Controller
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14166 MEDIUM POC This Month

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Jira Service Desk
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.9%
CVE-2020-5906 HIGH This Week

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-12498 HIGH This Week

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Pc Worx Pc Worx Express
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-12497 HIGH This Week

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Pc Worx Pc Worx Express
NVD
CVSS 3.1
7.8
EPSS
14.7%
CVE-2020-5899 HIGH This Week

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Controller
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-4363 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE IBM Microsoft Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8663 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-4420 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12605 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-12604 HIGH PATCH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-7689 HIGH PATCH This Week

Data is truncated wrong when its length is greater than 255 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Node Bcrypt Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12603 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-14167 HIGH This Week

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5907 HIGH This Week

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-5238 MEDIUM PATCH This Month

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Github Flavored Markdown Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-2500 MEDIUM This Month

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Information Disclosure Helpdesk
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-4376 MEDIUM PATCH This Month

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq For Hpe Nonstop
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-14055 MEDIUM This Month

Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Monsta Ftp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5903 MEDIUM This Month

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-4022 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-14169 MEDIUM This Month

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14164 MEDIUM This Month

The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Software Data Center
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14168 MEDIUM This Month

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-5908 MEDIUM This Month

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15470 MEDIUM This Month

ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ffjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-4024 MEDIUM This Month

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy