Skip to main content
CVE-2020-15920 CRITICAL POC THREAT Emergency

There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Eframework
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
98.2%
CVE-2020-15860 CRITICAL POC Act Now

Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Remote Application Server
NVD
CVSS 3.1
9.9
EPSS
4.0%
CVE-2020-15922 CRITICAL POC THREAT Act Now

There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Eframework
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.3%
CVE-2020-15921 CRITICAL POC THREAT Act Now

Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Eframework
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
18.3%
CVE-2020-8174 HIGH POC PATCH This Week

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Node Js Banking Extensibility Workbench Blockchain Platform Mysql Cluster +5
NVD
CVSS 3.1
8.1
EPSS
7.6%
CVE-2020-12812 CRITICAL KEV THREAT Emergency

FortiOS SSL-VPN contains an improper authentication vulnerability that allows users to bypass two-factor authentication by changing the case of their username, undermining MFA security controls.

NVD
CVSS 3.1
9.8
EPSS
48.5%
Threat
4.0
CVE-2020-15924 HIGH POC This Week

There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Eframework
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-15923 HIGH POC This Week

Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Eframework
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-15778 HIGH POC THREAT This Week

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Openssh A700S Firmware Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
7.4
EPSS
13.0%
CVE-2020-15919 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eframework
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8175 MEDIUM POC PATCH This Month

Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jpeg Js
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-15945 MEDIUM POC PATCH This Month

Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Lua
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15918 MEDIUM POC This Month

Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eframework
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8207 HIGH This Week

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE Authentication Bypass Citrix +1
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-15932 HIGH This Week

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Overwolf
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-10610 HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pi Api Pi Buffer Subsystem Pi Connector +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10608 HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Pi Api Pi Buffer Subsystem Pi Connector +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-10606 HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Pi Api Pi Buffer Subsystem Pi Connector +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8326 HIGH This Week

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8317 HIGH This Week

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10600 HIGH This Week

An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Pi Data Archive
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-14307 MEDIUM This Month

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Red Hat Amq Jboss Enterprise Application Platform Continuous Delivery +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14297 MEDIUM PATCH This Month

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Amq Jboss Ejb Client Jboss Enterprise Application Platform Continuous Delivery +3
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14175 MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-10602 MEDIUM This Month

In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Null Pointer Dereference Denial Of Service Data Archive
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-14725 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager
NVD
CVSS 3.1
4.9
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy