Skip to main content
CVE-2020-2555 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Access Manager Coherence Commerce Platform +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2020-2551 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
93.2%
CVE-2020-2696 HIGH POC PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Oracle Information Disclosure Solaris
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-7058 HIGH POC This Week

data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-2096 MEDIUM POC THREAT This Month

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab Jenkins Gitlab Hook
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
89.4%
CVE-2020-2587 CRITICAL PATCH Act Now

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Human Resources
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2020-2586 CRITICAL PATCH Act Now

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Authentication Bypass Human Resources
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2020-2546 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-2098 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Sounds
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-2097 HIGH PATCH This Week

Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Sounds
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-2093 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Health Advisor By Cloudbees
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-2092 HIGH PATCH This Week

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Robot Framework
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-2090 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Amazon Ec2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-1609 HIGH This Week

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-1605 HIGH This Week

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Juniper Junos
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-1602 HIGH This Week

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Juniper RCE Junos
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-1603 HIGH This Week

Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-2656 MEDIUM POC PATCH This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Oracle Authentication Bypass Solaris
NVD
CVSS 3.1
4.4
EPSS
0.6%
CVE-2020-2682 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2020-2674 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2020-2672 HIGH PATCH This Week

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Email Center
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2671 HIGH PATCH This Week

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Email Center
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2670 HIGH PATCH This Week

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Email Center
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2669 HIGH PATCH This Week

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Email Center
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2665 HIGH PATCH This Week

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Isupport
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2662 HIGH PATCH This Week

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Isupport
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2661 HIGH PATCH This Week

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Isupport
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2658 HIGH PATCH This Week

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Isupport
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2653 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2652 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2651 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2020-2591 HIGH PATCH This Week

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Web Applications Desktop Integrator
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2582 HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2604 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Java Deserialization Commerce Experience Manager Commerce Guided Search +25
NVD
CVSS 3.1
8.1
EPSS
4.9%
CVE-2020-2091 HIGH PATCH This Week

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Amazon Ec2
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-1606 HIGH This Week

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Path Traversal Junos
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-2511 HIGH PATCH This Week

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Database Server
NVD
CVSS 3.1
7.7
EPSS
1.3%
CVE-2020-1929 HIGH PATCH This Week

The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Beam
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-2728 HIGH PATCH This Week

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-2726 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5).

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2702 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5).

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2701 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Oracle Memory Corruption Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-2698 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5).

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2673 HIGH PATCH This Week

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Testing Suite
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-2565 HIGH PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). Rated high severity (CVSS 7.5).

Oracle Information Disclosure Solaris
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-2518 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Database Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-2510 HIGH PATCH This Week

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Database Server
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-1608 HIGH This Week

Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1601 HIGH This Week

Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-2556 HIGH PATCH This Week

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
7.3
EPSS
0.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy