Skip to main content
CVE-2020-8949 HIGH POC This Week

Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection S2A Wl Firmware S2A Firmware S3A K2P Mtk Firmware S3A Firmware +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-8946 HIGH POC This Week

Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wf2471 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-8950 HIGH POC This Week

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Amd Information Disclosure User Experience Program
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-8945 HIGH POC PATCH This Week

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Memory Corruption Docker RCE Gpgme +8
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-8815 HIGH POC PATCH This Week

Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bearftp
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8947 HIGH POC THREAT This Week

functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Pandora Fms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
22.5%
CVE-2020-1977 HIGH This Week

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Expedition Migration Tool
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-1975 HIGH This Week

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6188 HIGH This Week

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp S 4 Hana
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2123 HIGH PATCH This Week

Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Radargun
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-2121 HIGH PATCH This Week

Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Kubernetes RCE Jenkins Google Kubernetes Engine
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-2120 HIGH PATCH This Week

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Fitnesse
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2116 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Pipeline Github Notify Step
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2115 HIGH PATCH This Week

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nunit
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2110 HIGH PATCH This Week

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Script Security
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-2109 HIGH PATCH This Week

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Pipeline
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-8892 HIGH PATCH This Week

An issue was discovered in MISP before 2.4.121. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-8893 HIGH PATCH This Week

An issue was discovered in MISP before 2.4.121. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-6186 HIGH This Week

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7046 HIGH This Week

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dovecot Fedora
NVD
CVSS 3.1
7.5
EPSS
51.3%
CVE-2020-2114 HIGH PATCH This Week

Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5399 HIGH This Week

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Credhub Cloud Foundry Cf Deployment
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-8595 HIGH PATCH This Week

Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Istio Openshift Service Mesh
NVD GitHub
CVSS 3.1
7.3
EPSS
2.6%
CVE-2020-6192 HIGH This Week

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Landscape Management
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-6191 HIGH This Week

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Landscape Management
NVD
CVSS 3.1
7.2
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy