Skip to main content
CVE-2020-6072 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libmicrodns Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-8986 CRITICAL Act Now

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Zendto
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-7007 CRITICAL Act Now

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-6991 CRITICAL Act Now

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-6981 CRITICAL Act Now

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eds G516E Firmware Eds 510E Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-6995 CRITICAL Act Now

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware +52
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-6985 CRITICAL Act Now

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware Pt 7528 24Tx Wv Hv Firmware +51
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-6989 CRITICAL Act Now

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware +53
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-10850 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-10849 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-10848 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-10837 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-10836 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-10835 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-10938 CRITICAL Act Now

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-1747 CRITICAL PATCH Act Now

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Pyyaml Fedora Leap +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2020-6972 CRITICAL Act Now

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Authentication Bypass Notifier Webserver
NVD
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy