Skip to main content
CVE-2020-5763 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ht801 Firmware Ht802 Firmware Ht812 Firmware Ht814 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-13699 HIGH POC THREAT This Week

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Teamviewer
NVD GitHub
CVSS 3.1
8.8
EPSS
25.9%
CVE-2020-4463 HIGH POC PATCH THREAT This Week

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Maximo Asset Management
NVD
CVSS 3.1
8.2
EPSS
31.6%
CVE-2020-16143 HIGH POC This Week

The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seafile Client
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5760 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ht801 Firmware Ht802 Firmware Ht812 Firmware Ht814 Firmware +2
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2020-5762 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ht801 Firmware Ht802 Firmware Ht812 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-5761 HIGH POC This Week

Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ht801 Firmware Ht802 Firmware Ht812 Firmware Ht814 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-16118 HIGH POC PATCH This Week

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Balsa Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-15098 HIGH PATCH This Week

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Deserialization Typo3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-14488 HIGH This Week

OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Openclinic Ga
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-14486 HIGH This Week

An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openclinic Ga
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-14493 HIGH This Week

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Openclinic Ga
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-14490 HIGH This Week

OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Openclinic Ga
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-15099 HIGH PATCH This Week

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE PHP Typo3
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2020-15125 HIGH PATCH This Week

In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Node.js Information Disclosure Auth0 Js
NVD GitHub
CVSS 3.1
7.7
EPSS
1.5%
CVE-2020-4574 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Brute Force Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-2077 HIGH This Week

SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Package Analytics
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-14489 HIGH This Week

OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openclinic Ga
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy