Skip to main content
CVE-2020-7931 HIGH POC This Week

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Artifactory
NVD GitHub
CVSS 3.1
8.8
EPSS
5.5%
CVE-2020-6007 HIGH POC This Week

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code. Rated high severity (CVSS 7.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Hue Bridge V2 Firmware
NVD
CVSS 3.1
7.9
EPSS
2.1%
CVE-2020-7939 HIGH PATCH This Week

SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Plone
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-7938 HIGH PATCH This Week

plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Plone
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-7940 HIGH PATCH This Week

Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Plone
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7220 HIGH PATCH This Week

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy