Skip to main content
CVE-2020-6061 CRITICAL POC Act Now

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Coturn Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-8441 CRITICAL POC Act Now

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Jyaml
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-3153 MEDIUM POC KEV THREAT This Month

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
6.5
EPSS
28.3%
CVE-2020-6062 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Coturn Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2020-6970 CRITICAL Act Now

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Openenterprise Scada Server
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-3943 CRITICAL Act Now

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vrealize Operations
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-8824 MEDIUM POC This Month

Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coda 4582U Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3158 CRITICAL Act Now

A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Smart Software Manager On Prem
NVD
CVSS 3.1
9.1
EPSS
2.6%
CVE-2020-3114 HIGH This Week

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Data Center Network Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-3112 HIGH This Week

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Data Center Network Manager
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-3944 HIGH This Week

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vrealize Operations
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-8959 HIGH This Week

Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sandiskssddashboardsetup Exe Westerndigitalssddashboardsetup Exe
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4204 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Microsoft Db2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-3945 HIGH PATCH This Week

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vrealize Operations
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-4135 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Microsoft Db2 Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-3138 MEDIUM This Month

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-4230 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Microsoft Db2
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-7942 MEDIUM PATCH This Month

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Puppet Agent
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4200 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-4161 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-3159 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Finesse
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3156 MEDIUM This Month

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-3163 MEDIUM This Month

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Unified Contact Center Enterprise
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-3132 MEDIUM This Month

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Cloud Email Security Email Security Appliance
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2020-3113 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3160 MEDIUM This Month

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meeting Server
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-3154 MEDIUM This Month

A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Cloud Web Security
NVD
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy