Skip to main content
CVE-2020-11624 CRITICAL POC Act Now

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Hd838 Firmware Hd438 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15492 CRITICAL POC THREAT Act Now

An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Startup Tools
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
16.6%
CVE-2020-15477 CRITICAL POC Act Now

The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Raspberrytortoise
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-15916 CRITICAL POC Act Now

goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-15688 HIGH POC This Week

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goahead
NVD GitHub
CVSS 3.1
8.8
EPSS
4.0%
CVE-2020-11623 MEDIUM POC This Month

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hd838 Firmware Hd438 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-12638 MEDIUM POC This Month

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Esp Idf Esp8266 Nonos Sdk Esp8266 Rtos Sdk
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-15912 MEDIUM POC This Month

Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model 3 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15391 CRITICAL PATCH Act Now

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Authentication Bypass Devspace
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-15917 CRITICAL Act Now

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Claws Mail Fedora Backports Sle Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-10921 CRITICAL Act Now

This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C More Hmi Ea9 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-10920 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass C More Hmi Ea9 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-11625 MEDIUM POC This Month

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hd838 Firmware Hd438 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15633 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 867 Firmware Dir 878 Firmware Dir 882 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-15632 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE D-Link Dir 842 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-15887 HIGH PATCH This Week

A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Softwareupdate
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15886 HIGH PATCH This Week

A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Reportdata
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15884 HIGH This Week

A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Munkireport
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15882 HIGH This Week

A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Munkireport
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-15631 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection D-Link Dap 1860 Firmware
NVD
CVSS 3.1
8.0
EPSS
2.9%
CVE-2020-7516 HIGH PATCH This Week

A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7515 HIGH PATCH This Week

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Easergy Builder
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7514 HIGH This Week

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7519 HIGH This Week

A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Easergy Builder
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7518 HIGH This Week

A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7491 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tricon Tcm 4351 Firmware Tricon Tcm 4352 Firmware Tricon Tcm 4351A Firmware Tricon Tcm 4351B Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-10922 HIGH This Week

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C More Hmi Ea9 Firmware
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-10918 HIGH This Week

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C More Hmi Ea9 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-11440 HIGH This Week

httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-15908 HIGH PATCH This Week

tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-15883 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Managedinstalls
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15881 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Munki Facts
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-10919 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure C More Hmi Ea9 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-7517 MEDIUM This Month

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-8557 MEDIUM PATCH This Month

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-4447 MEDIUM PATCH This Month

IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Filenet Content Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15885 MEDIUM PATCH This Month

A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Comment
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-7520 MEDIUM PATCH This Month

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Schneider Electric Microsoft Open Redirect Software Update Utility
NVD
CVSS 3.1
4.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy