Skip to main content
CVE-2020-24650 CRITICAL Act Now

A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-24649 CRITICAL Act Now

A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-24648 CRITICAL Act Now

A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2020-24647 CRITICAL Act Now

A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-24646 CRITICAL Act Now

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2020-24629 CRITICAL Act Now

A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intelligent Management Center
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13937 MEDIUM POC PATCH THREAT This Month

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Kylin
NVD
CVSS 3.1
5.3
EPSS
78.3%
CVE-2020-7195 HIGH This Week

A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7194 HIGH This Week

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7193 HIGH This Week

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7192 HIGH This Week

A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7191 HIGH This Week

A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7190 HIGH This Week

A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7189 HIGH This Week

A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7188 HIGH This Week

A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7187 HIGH This Week

A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7186 HIGH This Week

A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7185 HIGH This Week

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7184 HIGH This Week

A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7183 HIGH This Week

A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7182 HIGH This Week

A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7181 HIGH This Week

A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7180 HIGH This Week

A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7179 HIGH This Week

A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7178 HIGH This Week

A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7177 HIGH This Week

A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7176 HIGH This Week

A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7175 HIGH This Week

A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-7174 HIGH This Week

A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-7173 HIGH This Week

A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-24630 HIGH This Week

A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intelligent Management Center
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-9113 HIGH This Week

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Mate 20 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2020-9263 HIGH This Week

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free Huawei +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-9112 HIGH This Week

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Taurus An00B Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-15822 HIGH This Week

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2020-11496 MEDIUM This Month

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Sprecon E
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-15263 MEDIUM PATCH This Month

In platform before version 9.4.4, inline attributes are not properly escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Platform
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10746 MEDIUM This Month

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Infinispan Server Runtime
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2020-26891 MEDIUM PATCH This Month

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Synapse
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-8929 MEDIUM PATCH This Month

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tink Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-15910 MEDIUM This Month

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure N Central
NVD
CVSS 3.1
4.7
EPSS
5.5%
CVE-2020-9092 MEDIUM This Month

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Mate 20 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-9111 MEDIUM This Month

E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service E6878 370 Firmware E6878 870 Firmware
NVD
CVSS 3.1
4.5
EPSS
0.3%
CVE-2020-15245 MEDIUM PATCH This Month

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sylius
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-15262 LOW PATCH Monitor

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Webpack Subresource Integrity
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy