Skip to main content
CVE-2020-12504 CRITICAL POC Act Now

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Es7510 Xt Firmware Es8509 Xt Firmware Es8510 Xt Firmware Es9528 Xtv2 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-12501 CRITICAL POC Act Now

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Es7510 Xt Firmware Es8509 Xt Firmware Es8510 Xt Firmware Es9528 Xtv2 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-12500 CRITICAL POC Act Now

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Es7510 Xt Firmware Es8509 Xt Firmware Es8510 Xt Firmware Es9528 Xtv2 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-12502 HIGH POC This Week

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Es7510 Xt Firmware Es8509 Xt Firmware Es8510 Xt Firmware Es9528 Xtv2 Firmware +19
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6108 HIGH POC This Week

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE F2Fs Tools
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2020-6105 HIGH POC This Week

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE F2Fs Tools
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-25858 HIGH POC This Week

The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Qualcomm Mobile Access Point
NVD
CVSS 3.1
7.5
EPSS
9.6%
CVE-2020-12503 HIGH POC THREAT This Week

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Es7510 Xt Firmware Es8509 Xt Firmware Es8510 Xt Firmware Es9528 Xtv2 Firmware +24
NVD
CVSS 3.1
7.2
EPSS
23.3%
CVE-2020-25859 MEDIUM POC This Month

The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Qualcomm Command Injection Qcmap
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-6364 CRITICAL Act Now

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Introscope Enterprise Manager
NVD
CVSS 3.1
10.0
EPSS
6.4%
CVE-2020-4499 CRITICAL PATCH Act Now

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Access Manager Security Verify Access
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-27156 CRITICAL Act Now

Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Aptare
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-6107 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure F2Fs Tools
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-6106 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure F2Fs Tools
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-6104 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure F2Fs Tools
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-27153 HIGH PATCH This Week

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Bluez Debian Linux Leap
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-7591 HIGH This Week

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siport Mp
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-5642 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Live Chat Live Support
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-7334 HIGH This Week

Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Application And Change Control
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2020-27157 HIGH This Week

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Aptare
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-6374 HIGH This Week

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-6373 HIGH This Week

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-6372 HIGH This Week

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-11637 HIGH This Week

A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Automation Runtime
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7327 MEDIUM This Month

Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Mvision Endpoint Detection And Response
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-7326 MEDIUM This Month

Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Active Response
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-21674 MEDIUM PATCH This Month

Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption Libarchive
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-11645 MEDIUM This Month

A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-11644 MEDIUM This Month

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-11643 MEDIUM This Month

An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-11642 MEDIUM This Month

The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Sitemanager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-11641 MEDIUM This Month

A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Sitemanager
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-6365 MEDIUM This Month

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-6323 MEDIUM This Month

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6319 MEDIUM This Month

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-6376 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-6375 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-15793 MEDIUM This Month

A vulnerability has been identified in Desigo Insight (All versions). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Desigo Insight
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-6368 MEDIUM This Month

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Business Planning And Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-6272 MEDIUM This Month

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Commerce Cloud
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14185 MEDIUM This Month

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Jira Server
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-1777 MEDIUM This Month

Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-7744 MEDIUM This Month

This affects all versions of package com.mintegral.msdk:alphab. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mintegraladsdk
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2020-6363 MEDIUM This Month

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-15794 MEDIUM This Month

A vulnerability has been identified in Desigo Insight (All versions). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Desigo Insight
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-15792 MEDIUM This Month

A vulnerability has been identified in Desigo Insight (All versions). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Desigo Insight
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-11646 MEDIUM This Month

A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-6371 MEDIUM This Month

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions -. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy