Skip to main content
CVE-2020-7357 CRITICAL POC THREAT Emergency

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cms Se Firmware Cms Se Lxc Firmware Cms 60 Firmware Cms 40 Firmware +2
NVD GitHub
CVSS 3.1
9.9
EPSS
33.9%
CVE-2020-7356 CRITICAL POC PATCH THREAT Act Now

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Xpost
NVD GitHub
CVSS 3.1
9.8
EPSS
14.0%
CVE-2020-7361 HIGH POC THREAT Act Now

The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Command Injection Zentao Pro
NVD GitHub
CVSS 3.1
8.8
EPSS
17.2%
CVE-2020-7352 HIGH POC PATCH Act Now

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Galaxy
NVD GitHub
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-13793 CRITICAL Act Now

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Dsm Netinst
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12441 CRITICAL Act Now

Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Desktop Server Management Service Manager Heat Remote Control
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-15701 MEDIUM POC This Month

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apport Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11937 MEDIUM POC This Month

In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Whoopsie
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-13365 HIGH This Week

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-13364 HIGH This Week

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-16229 HIGH This Week

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-16217 HIGH This Week

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-16215 HIGH This Week

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-16213 HIGH This Week

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-16207 HIGH This Week

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-7817 HIGH This Week

MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure K Upload
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15114 HIGH PATCH This Week

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Etcd Fedora
NVD GitHub
CVSS 3.1
7.7
EPSS
1.2%
CVE-2020-15115 HIGH PATCH This Week

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Etcd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-16845 HIGH PATCH This Week

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Leap Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2020-15702 HIGH This Week

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Apport Ubuntu Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-7460 HIGH This Week

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2020-7459 MEDIUM This Month

In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-15136 MEDIUM PATCH This Month

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Etcd Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-16211 MEDIUM This Month

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Webaccess Hmi Designer
NVD
CVSS 3.1
5.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy