Skip to main content
CVE-2020-6072 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libmicrodns Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-6080 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmicrodns Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-6079 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmicrodns Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-6078 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmicrodns Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-6077 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libmicrodns Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-6073 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Libmicrodns Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-6071 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmicrodns Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-10931 HIGH POC PATCH THREAT This Week

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memcached
NVD GitHub
CVSS 3.1
7.5
EPSS
28.1%
CVE-2020-6816 MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-6802 MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-8986 CRITICAL Act Now

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Zendto
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-7007 CRITICAL Act Now

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-6991 CRITICAL Act Now

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-6981 CRITICAL Act Now

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-6995 CRITICAL Act Now

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware +52
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-6985 CRITICAL Act Now

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware Pt 7528 24Tx Wv Hv Firmware +51
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-6989 CRITICAL Act Now

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware +53
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-10850 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-10849 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-10848 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-10837 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-10836 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-10835 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-10938 CRITICAL Act Now

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-1747 CRITICAL PATCH Act Now

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Pyyaml Fedora Leap +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2020-10385 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Form
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
4.4%
CVE-2020-10942 MEDIUM POC PATCH This Month

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. Rated medium severity (CVSS 5.3). Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Leap +2
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-6972 CRITICAL Act Now

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Authentication Bypass Notifier Webserver
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-8985 HIGH This Week

ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Zendto
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-6982 HIGH This Week

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Honeywell Win Pak
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-7005 HIGH This Week

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell RCE CSRF Win Pak
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-4253 HIGH PATCH This Week

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Content Navigator
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-10852 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-10851 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-10842 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-10841 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-10838 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Use After Free Memory Corruption RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-10832 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-10829 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Broadcom Buffer Overflow Memory Corruption Samsung RCE +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-8984 HIGH This Week

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Zendto
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-7001 HIGH This Week

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-6997 HIGH This Week

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-6979 HIGH This Week

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-6993 HIGH This Week

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware Pt 7528 24Tx Wv Hv Firmware +51
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-6987 HIGH This Week

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware Pt 7528 24Tx Wv Hv Firmware +51
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-6983 HIGH This Week

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware Pt 7528 24Tx Wv Hv Firmware +51
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7003 HIGH This Week

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iologik 2512 Firmware Iologik 2512 T Firmware Iologik 2512 Hspa Firmware Iologik 2512 Hspa T Firmware +16
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10854 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-10833 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-10831 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy