Skip to main content
CVE-2020-15688 HIGH POC This Week

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goahead
NVD GitHub
CVSS 3.1
8.8
EPSS
4.0%
CVE-2020-15633 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 867 Firmware Dir 878 Firmware Dir 882 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-15632 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE D-Link Dir 842 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-15887 HIGH PATCH This Week

A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Softwareupdate
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15886 HIGH PATCH This Week

A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Reportdata
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15884 HIGH This Week

A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Munkireport
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15882 HIGH This Week

{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Munkireport
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-15631 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection D-Link Dap 1860 Firmware
NVD
CVSS 3.1
8.0
EPSS
2.9%
CVE-2020-7516 HIGH PATCH This Week

A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7515 HIGH PATCH This Week

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Easergy Builder
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7514 HIGH This Week

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7519 HIGH This Week

A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Easergy Builder
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7518 HIGH This Week

A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easergy Builder
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7491 HIGH This Week

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tricon Tcm 4351 Firmware Tricon Tcm 4352 Firmware Tricon Tcm 4351A Firmware Tricon Tcm 4351B Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-10922 HIGH This Week

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C More Hmi Ea9 Firmware
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-10918 HIGH This Week

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C More Hmi Ea9 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-11440 HIGH This Week

httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-15908 HIGH PATCH This Week

tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy