Skip to main content
CVE-2020-9402 HIGH POC PATCH THREAT This Week

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Python SQLi Oracle Django Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
22.5%
CVE-2020-10173 HIGH POC THREAT This Week

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vr 3033 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
76.8%
CVE-2020-10185 HIGH POC This Week

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yubikey One Time Password Validation Server
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-10184 HIGH POC This Week

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Yubikey One Time Password Validation Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-9544 HIGH POC This Week

An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-6971 HIGH This Week

In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Valvelink
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5957 HIGH This Week

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Microsoft Quadro Firmware Geforce Experience +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-9418 HIGH This Week

An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdfescape
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4278 HIGH PATCH This Week

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation IBM Platform Lsf Spectrum Computing For High Performance Analytics Spectrum Lsf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6986 HIGH This Week

In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Plc Cj1 Firmware Plc Cj2 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-10101 HIGH PATCH This Week

An issue was discovered in Zammad 3.0 through 3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10096 HIGH PATCH This Week

An issue was discovered in Zammad 3.0 through 3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zammad
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10174 HIGH PATCH This Week

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. Rated high severity (CVSS 7.0).

Information Disclosure Timeshift Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy