Skip to main content
CVE-2020-15505 CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Core Enterprise Connector Monitor And Reporting Database Sentry
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2020-8521 CRITICAL POC Act Now

SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpzag
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8520 CRITICAL POC Act Now

SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpzag
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8519 CRITICAL POC Act Now

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpzag
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-12821 CRITICAL POC PATCH Act Now

Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gossipsub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-15367 CRITICAL POC Act Now

Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supravizio Bpm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-15600 MEDIUM POC This Month

An issue was discovered in CMSUno before 1.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cmsuno
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-15599 MEDIUM POC This Month

Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Victor Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-11882 MEDIUM POC This Month

The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Open Redirect O2 Business
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-4077 CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
9.9
EPSS
1.0%
CVE-2020-15350 CRITICAL PATCH Act Now

RIOT 2020.04 has a buffer overflow in the base64 decoder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-5599 CRITICAL Act Now

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Coreos
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-5595 CRITICAL Act Now

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Coreos
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-15506 CRITICAL Act Now

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Core Enterprise Connector Reporting Database +1
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-15037 MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15036 MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15392 MEDIUM POC This Month

A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supravizio Bpm
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-4076 CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%
CVE-2020-15515 HIGH PATCH This Week

The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Turn
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15565 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation Denial Of Service Intel Amd Xen +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-15567 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Privilege Escalation Intel Amd +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15008 HIGH This Week

A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SQLi Connectwise Automate
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15579 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-15576 HIGH This Week

SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-15574 HIGH This Week

SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-10745 HIGH This Week

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-5600 HIGH This Week

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coreos
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-5598 HIGH This Week

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Coreos
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5597 HIGH This Week

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Coreos
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-5596 HIGH This Week

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Coreos
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-15507 HIGH This Week

An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Core Enterprise Connector Reporting Database +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-4075 HIGH PATCH This Week

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Electron
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12736 HIGH This Week

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code42
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-15096 MEDIUM PATCH This Month

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-15509 MEDIUM PATCH This Month

Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android Ble Library Dfu Library
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-10730 MEDIUM This Month

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Red Hat Samba +4
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-15566 MEDIUM This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15564 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15563 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Debian Linux Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15575 MEDIUM This Month

SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serv U
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-15573 MEDIUM This Month

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serv U
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-8916 MEDIUM PATCH This Month

A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Wpantund
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15584 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15583 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-15582 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15580 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-15578 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-15577 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-15035 MEDIUM PATCH This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15034 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy