Skip to main content
CVE-2020-12028 HIGH POC THREAT Act Now

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell Privilege Escalation Factorytalk View
NVD
CVSS 3.1
8.1
EPSS
51.0%
CVE-2020-12029 HIGH POC THREAT Act Now

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell RCE Factorytalk View
NVD
CVSS 3.1
7.8
EPSS
45.0%
CVE-2020-6103 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Amd Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2020-6102 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Amd Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2020-6101 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Amd Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2020-6100 CRITICAL POC Act Now

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Amd VMware Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.1%
CVE-2020-15123 CRITICAL POC PATCH Act Now

In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Command Injection Codecov
NVD GitHub
CVSS 3.1
9.3
EPSS
3.8%
CVE-2020-15052 HIGH POC This Week

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Artica Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8214 HIGH POC PATCH This Week

A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Servey
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8205 HIGH POC PATCH This Week

The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Uppy
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12027 MEDIUM POC THREAT This Month

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell Information Disclosure Factorytalk View
NVD GitHub
CVSS 3.1
4.3
EPSS
53.0%
CVE-2020-15053 MEDIUM POC This Month

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-7680 MEDIUM POC PATCH This Month

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Docsify
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.5%
CVE-2020-6871 CRITICAL Act Now

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte R8500G4 Firmware R5500G4 Firmware R5300G4 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-14494 CRITICAL Act Now

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openclinic Ga
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-14485 CRITICAL Act Now

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openclinic Ga
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14484 CRITICAL Act Now

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openclinic Ga
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15121 CRITICAL PATCH Act Now

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Radare2 Fedora
NVD GitHub
CVSS 3.1
9.6
EPSS
1.6%
CVE-2020-8215 HIGH PATCH This Week

A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Canvas
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-15841 HIGH PATCH This Week

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-4125 HIGH PATCH This Week

Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Red Hat Marketing Operations
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-15842 HIGH PATCH This Week

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2020-15852 HIGH PATCH This Week

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Linux Privilege Escalation Linux Kernel Xen Cloud Backup +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12031 HIGH This Week

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Rockwell RCE Factorytalk View
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-15009 HIGH This Week

AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Screenpad2 Upgrade Tool
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3481 HIGH This Week

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Clamav Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-13932 MEDIUM PATCH This Month

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Artemis
NVD VulDB
CVSS 3.1
6.1
EPSS
2.6%
CVE-2020-14491 MEDIUM This Month

OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openclinic Ga
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4466 MEDIUM PATCH This Month

IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq For Hpe Nonstop
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-6872 MEDIUM This Month

The server management software module of ZTE has a storage XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zte R8500G4 Firmware R5500G4 Firmware R5300G4 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4527 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Session Fixation Information Disclosure Planning Analytics
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2020-3442 MEDIUM PATCH This Month

The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Duoconnect
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2020-15118 MEDIUM PATCH This Month

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Python Wagtail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-15111 MEDIUM PATCH This Month

In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Fiber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-1776 MEDIUM PATCH This Month

When an agent user is renamed or set to invalid the session belonging to the user is keept active. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Otrs
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-4361 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy