Skip to main content
CVE-2020-9015 CRITICAL POC THREAT Emergency

Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dcs 7050Qx 32S R Firmware Dcs 7050Cx3 32S R Firmware Dcs 7280Sram 48C6 R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
16.5%
CVE-2020-9283 HIGH POC PATCH THREAT This Week

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Package Ssh Debian Linux
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
21.1%
CVE-2020-3765 CRITICAL PATCH Act Now

Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe After Effects
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-8990 CRITICAL PATCH Act Now

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Ibi My Cloud Home
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2020-5242 HIGH PATCH This Week

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openhab
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-9273 HIGH This Week

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Proftpd Debian Linux +5
NVD GitHub
CVSS 3.1
8.8
EPSS
12.0%
CVE-2020-9308 HIGH PATCH This Week

archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libarchive Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-8601 HIGH This Week

Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Vulnerability Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-6968 HIGH This Week

Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Honeywell Privilege Escalation Inncom Inncontrol Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3764 HIGH PATCH This Week

Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
5.1%
CVE-2020-9272 HIGH PATCH This Week

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Proftpd Simatic Net Cp 1543 1 Firmware Simatic Net Cp 1545 1 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-9318 HIGH This Week

Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sql Monitor
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-6977 MEDIUM This Month

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vivid E95 Firmware Vivid E90 Firmware Vivid S70N Firmware Vivid T8 Firmware +12
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-8960 MEDIUM This Month

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mycloud Com
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-9320 MEDIUM This Month

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Anti Malware Sdk Antivirus Server Avira Antivirus For Endpoint +5
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2020-9003 MEDIUM This Month

A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Modula Image Gallery
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy