Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2020-7563 — Schneider-electric Modicon_tsxety4103_firmware: A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. CVSSv3.1 8.8 (HIGH) · EPSS 78th percentile
CVE-2020-7562 — Schneider-electric Modicon_tsxety4103_firmware: A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. CVSSv3.1 8.1 (HIGH) · EPSS 67th percentile
CVE-2020-28271 — Sharpred Deephas: Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile
CVE-2020-24881 — Enhancesoft Osticket: SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2020-25466 — Crmeb Crmeb: A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile
CVE-2020-26867 — Arcinformatique Pcvue: ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile
CVE-2018-5354 — Anixis Password_reset_client: The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote
The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, CVSSv3.1 8.8 (HIGH) · EPSS 84th percentile
CVE-2018-5353 — Zohocorp Manageengine_adselfservice_plus: The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploit CVSSv3.1 9.8 (CRITICAL) · EPSS 94th percentile
CVE-2020-25514 — Simple_library_management_system_project Simple_library_management_system: Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. CVSSv3.1 8.4 (HIGH) · EPSS 46th percentile
CVE-2020-23451 — Spiceworks Spiceworks: Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile
CVE-2020-15786 — Siemens Simatic_hmi_basic_panels_2nd_generation_firmware: This could allow a remote attacker to discover user passwords and obtain access to
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server v CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile
CVE-2020-24193 — Daily_tracker_system_project Daily_tracker_system: A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. CVSSv3.1 9.8 (CRITICAL) · EPSS 84th percentile
CVE-2020-9715 — Adobe Acrobat_dc: Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . CVSSv3.1 7.8 (HIGH) · EPSS 99th percentile
CVE-2020-15711 — Misp-project Misp: In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. CVSSv3.1 8.8 (HIGH) · EPSS 38th percentile
CVE-2020-15411 — Misp-project Misp: app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. CVSSv3.1 9.8 (CRITICAL)
CVE-2020-14968 — Kjur Jsrsasign: Also, an attacker might prepend these bytes with the goal of triggering memory corruption
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption is CVSSv3.1 9.8 (CRITICAL) · EPSS 85th percentile
CVE-2020-14967 — Kjur Jsrsasign: An attacker might prepend these bytes with the goal of triggering memory corruption issues.
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues. CVSSv3.1 9.8 (CRITICAL) · EPSS 83th percentile
CVE-2020-14060 — Fasterxml Jackson-databind: 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). CVSSv3.1 8.1 (HIGH) · EPSS 93th percentile
CVE-2020-14062 — Fasterxml Jackson-databind: 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). CVSSv3.1 8.1 (HIGH) · EPSS 92th percentile
CVE-2020-7489 — Schneider-electric Ecostruxure_machine_expert: A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile
CVE-2020-11619 — Fasterxml Jackson-databind: 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). CVSSv3.1 8.1 (HIGH) · EPSS 80th percentile
CVE-2020-11113 — Fasterxml Jackson-databind: 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile
CVE-2020-11112 — Fasterxml Jackson-databind: 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). CVSSv3.1 8.8 (HIGH) · EPSS 91th percentile
impacket 0.9.21
Impacket 0.9.21 release adds significant offensive capabilities including keytab file support, gMSA password dumping, LAPS password extraction, Kerberos delegation enumeration, and enhanced NTLM relay attacks with SID-based escalation. New tools like ticketConverter.py, findDelegation.py, and addcomputer.py expand post-exploitation and lateral movement options.
CVE-2020-6990 — Rockwellautomation Micrologix_1400_a_firmware: Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controll CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile