Skip to main content
CVE-2020-9463 HIGH POC This Week

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Centreon
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2020-9442 HIGH POC This Week

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Connect
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-9449 HIGH This Week

An insecure random number generation vulnerability in BlaB!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Blab Ax Blab Ax Pro Blab Ws Blab Ws Pro
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-1844 HIGH This Week

PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Huawei Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-1881 HIGH This Week

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware Oceanstor 5310 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-1876 HIGH This Week

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-1873 HIGH This Week

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-1860 HIGH This Week

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-5247 HIGH PATCH This Week

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Puma Ruby Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy