Skip to main content
CVE-2020-12028 HIGH POC THREAT Act Now

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell Privilege Escalation Factorytalk View
NVD
CVSS 3.1
8.1
EPSS
51.0%
CVE-2020-12029 HIGH POC THREAT Act Now

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell RCE Factorytalk View
NVD
CVSS 3.1
7.8
EPSS
45.0%
CVE-2020-15052 HIGH POC This Week

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Artica Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8214 HIGH POC PATCH This Week

A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Servey
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8205 HIGH POC PATCH This Week

The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Uppy
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8215 HIGH PATCH This Week

A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Canvas
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-15841 HIGH PATCH This Week

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-4125 HIGH PATCH This Week

Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Red Hat Marketing Operations
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-15842 HIGH PATCH This Week

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2020-15852 HIGH PATCH This Week

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Linux Privilege Escalation Linux Kernel Xen Cloud Backup +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12031 HIGH This Week

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Rockwell RCE Factorytalk View
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-15009 HIGH This Week

AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Screenpad2 Upgrade Tool
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3481 HIGH This Week

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Clamav Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy