Skip to main content
CVE-2020-15645 HIGH POC THREAT This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-15643 HIGH POC THREAT This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
59.3%
CVE-2020-24609 MEDIUM POC This Month

TechKshetra Info Solutions Pvt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Savsoft Quiz
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
9.8%
CVE-2020-14042 MEDIUM POC This Month

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Codiad
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15639 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Qconvergeconsole
NVD
CVSS 3.1
9.8
EPSS
11.5%
CVE-2020-16245 CRITICAL Act Now

Advantech iView, Versions 5.7 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
7.7%
CVE-2020-14524 CRITICAL Act Now

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Opc
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14510 CRITICAL Act Now

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14508 CRITICAL Act Now

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Gatemanager 8250 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-14500 CRITICAL Act Now

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-24242 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-24241 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-17400 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-17399 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-17396 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-17392 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-17390 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-17389 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
10.1%
CVE-2020-17388 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Tomcat Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
7.5%
CVE-2020-17387 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
10.1%
CVE-2020-15644 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
9.3%
CVE-2020-15642 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Qconvergeconsole
NVD
CVSS 3.1
8.8
EPSS
7.2%
CVE-2020-24614 HIGH This Week

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Fossil Fedora Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-17397 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2020-17395 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2020-24616 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Agile Plm Application Testing Suite +21
NVD GitHub
CVSS 3.1
8.1
EPSS
9.3%
CVE-2020-15777 HIGH PATCH This Week

An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java RCE Privilege Escalation Deserialization Maven
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-17404 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2020-17403 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2020-15641 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-15640 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-14522 HIGH This Week

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Opc
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14512 HIGH This Week

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-17385 HIGH This Week

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cellos
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-17384 HIGH This Week

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cellos
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-17402 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-17398 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-17393 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-17391 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-7824 MEDIUM This Month

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ipecs
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-17386 MEDIUM This Month

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cellos
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5541 MEDIUM This Month

Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cybermail
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-5540 MEDIUM This Month

Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cybermail
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-17401 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-17394 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-19005 MEDIUM PATCH This Month

zrlog v2.1.0 has a vulnerability with the permission check. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zrlog
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2020-24240 MEDIUM PATCH This Month

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Bison
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-5620 MEDIUM This Month

Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exment
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-5619 MEDIUM This Month

Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exment
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-24622 MEDIUM This Month

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD
CVSS 3.1
4.9
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy