Skip to main content
CVE-2020-8949 HIGH POC This Week

Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection S2A Wl Firmware S2A Firmware S3A K2P Mtk Firmware S3A Firmware +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-8946 HIGH POC This Week

Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wf2471 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-8950 HIGH POC This Week

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Amd Information Disclosure User Experience Program
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-8945 HIGH POC PATCH This Week

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Memory Corruption Docker RCE Gpgme +8
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-8815 HIGH POC PATCH This Week

Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bearftp
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8947 HIGH POC THREAT This Week

functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Pandora Fms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
22.5%
CVE-2020-8839 MEDIUM POC This Month

Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bf 430 Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-8955 CRITICAL PATCH Act Now

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Weechat Fedora Backports Sle +2
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-7957 MEDIUM POC This Month

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dovecot Fedora
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-1977 HIGH This Week

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Expedition Migration Tool
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-1975 HIGH This Week

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6188 HIGH This Week

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp S 4 Hana
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2123 HIGH PATCH This Week

Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Radargun
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-2121 HIGH PATCH This Week

Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Kubernetes RCE Jenkins Google Kubernetes Engine
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-2120 HIGH PATCH This Week

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Fitnesse
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2116 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Pipeline Github Notify Step
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2115 HIGH PATCH This Week

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nunit
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2110 HIGH PATCH This Week

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Script Security
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-2109 HIGH PATCH This Week

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Pipeline
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-8892 HIGH PATCH This Week

An issue was discovered in MISP before 2.4.121. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-8893 HIGH PATCH This Week

An issue was discovered in MISP before 2.4.121. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-6186 HIGH This Week

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7046 HIGH This Week

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dovecot Fedora
NVD
CVSS 3.1
7.5
EPSS
51.3%
CVE-2020-2114 HIGH PATCH This Week

Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5399 HIGH This Week

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Credhub Cloud Foundry Cf Deployment
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-8595 HIGH PATCH This Week

Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Istio Openshift Service Mesh
NVD GitHub
CVSS 3.1
7.3
EPSS
2.6%
CVE-2020-6192 HIGH This Week

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Landscape Management
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-6191 HIGH This Week

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Landscape Management
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-8894 MEDIUM PATCH This Month

An issue was discovered in MISP before 2.4.121. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-6183 MEDIUM This Month

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-2133 MEDIUM This Month

Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Applatix
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2132 MEDIUM PATCH This Month

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Parasoft Environment Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2131 MEDIUM This Month

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Harvest Scm
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2130 MEDIUM This Month

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Harvest Scm
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2129 MEDIUM This Month

Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Eagle Tester
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-8891 MEDIUM PATCH This Month

An issue was discovered in MISP before 2.4.121. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.4%
CVE-2020-8890 MEDIUM PATCH This Month

An issue was discovered in MISP before 2.4.121. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-6193 MEDIUM This Month

SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Knowledge Management
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-6184 MEDIUM This Month

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver S 4Hana
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-6190 MEDIUM This Month

Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
5.8
EPSS
0.9%
CVE-2020-6181 MEDIUM This Month

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-1976 MEDIUM This Month

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.0.5 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Paloalto Globalprotect
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-6185 MEDIUM This Month

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver S 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-2122 MEDIUM PATCH This Month

Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Brakeman
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2113 MEDIUM PATCH This Month

Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Git Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2112 MEDIUM PATCH This Month

Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Git Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2111 MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Subversion
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-6189 MEDIUM This Month

Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-2119 MEDIUM PATCH This Month

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Jenkins Information Disclosure Azure Ad
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-6975 MEDIUM This Month

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connectport Lts 32 Mei Bios Connectport Lts 32 Mei Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy