Skip to main content
CVE-2020-6059 HIGH POC This Week

An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Integer Overflow Minisnmpd
NVD
CVSS 3.1
8.2
EPSS
2.6%
CVE-2020-8121 HIGH POC This Week

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-7221 HIGH POC This Week

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Oracle MariaDB
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-6060 HIGH POC This Week

A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Minisnmpd
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8116 HIGH POC PATCH This Week

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Dot Prop
NVD GitHub
CVSS 3.1
7.3
EPSS
3.1%
CVE-2020-8517 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Leap Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-8449 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Squid Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
8.3%
CVE-2020-3938 HIGH This Week

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Syuan Gu Da Shin
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3937 HIGH This Week

SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Syuan Gu Da Shin
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-8450 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Squid Ubuntu Linux Leap Fedora +1
NVD
CVSS 3.1
7.3
EPSS
71.8%
CVE-2020-4163 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
7.2
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy