Skip to main content
CVE-2020-16159 CRITICAL POC Act Now

GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-16158 HIGH POC This Week

GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gpmf Parser
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15909 HIGH POC This Week

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure N Central
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-13778 HIGH POC This Week

rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Rconfig
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2020-6085 HIGH POC This Week

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rockwell Denial Of Service Flex I O 1794 Aent
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-6084 HIGH POC This Week

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rockwell Denial Of Service Flex I O 1794 Aent
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-24388 HIGH POC This Week

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yubihsm Shell Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-24387 HIGH POC This Week

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Yubihsm Shell Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-16161 HIGH POC This Week

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpmf Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-16160 HIGH POC This Week

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpmf Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-24266 HIGH POC This Week

An issue was discovered in tcpreplay tcpprep v4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-24265 HIGH POC This Week

An issue was discovered in tcpreplay tcpprep v4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-7745 HIGH POC This Week

This affects the package MintegralAdSDK before 6.6.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mintegraladsdk
NVD
CVSS 3.1
7.1
EPSS
2.6%
CVE-2020-15261 MEDIUM POC PATCH THREAT This Month

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Veyon
NVD GitHub Exploit-DB
CVSS 3.1
6.7
EPSS
11.1%
CVE-2020-24375 MEDIUM POC This Month

A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freebox Server Freebox V5 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-15256 CRITICAL PATCH Act Now

A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Object Path
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-7172 CRITICAL Act Now

A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7171 CRITICAL Act Now

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7170 CRITICAL Act Now

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7169 CRITICAL Act Now

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7168 CRITICAL Act Now

A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7167 CRITICAL Act Now

A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7166 CRITICAL Act Now

A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7165 CRITICAL Act Now

A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7164 CRITICAL Act Now

A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7163 CRITICAL Act Now

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7162 CRITICAL Act Now

A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7161 CRITICAL Act Now

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7160 CRITICAL Act Now

A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7159 CRITICAL Act Now

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7158 CRITICAL Act Now

A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7157 CRITICAL Act Now

A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7156 CRITICAL Act Now

A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7155 CRITICAL Act Now

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7154 CRITICAL Act Now

A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7153 CRITICAL Act Now

A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7152 CRITICAL Act Now

A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7151 CRITICAL Act Now

A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7150 CRITICAL Act Now

A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7149 CRITICAL Act Now

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7148 CRITICAL Act Now

A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7147 CRITICAL Act Now

A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7146 CRITICAL Act Now

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7145 CRITICAL Act Now

A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-7144 CRITICAL Act Now

A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7143 CRITICAL Act Now

A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7142 CRITICAL Act Now

A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-7141 CRITICAL Act Now

A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-24652 CRITICAL Act Now

A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-24651 CRITICAL Act Now

A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy