Skip to main content
CVE-2020-1764 HIGH POC PATCH This Week

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kiali Openshift Service Mesh
NVD
CVSS 3.1
8.6
EPSS
3.5%
CVE-2020-9521 HIGH This Week

An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Service Manager Automation
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-10969 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage Agile Plm +27
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-10968 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage Agile Plm +27
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-9066 HIGH This Week

Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Oxfordp An10B Firmware
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-1800 HIGH This Week

HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass P30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-7260 HIGH This Week

DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Application And Change Control
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7944 HIGH This Week

In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Continuous Delivery
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2020-4276 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Privilege Escalation IBM Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-5129 HIGH This Week

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sonicwall Sma1000 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy