Skip to main content
CVE-2020-11113 HIGH PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 60.7%.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +29
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
60.7%
CVE-2020-10696 HIGH POC PATCH This Week

A path traversal flaw was found in Buildah in versions before 1.14.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Buildah Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-11112 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +28
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
6.8%
CVE-2020-11441 MEDIUM POC This Month

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Phpmyadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-5344 CRITICAL Act Now

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Dell Idrac7 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-6008 CRITICAL Act Now

LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE Lifterlms
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-4208 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-10595 CRITICAL PATCH Act Now

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Pam Krb5 Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-7009 HIGH PATCH This Week

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Privilege Escalation Elasticsearch
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-5292 HIGH PATCH This Week

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Leantime
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-4242 HIGH PATCH This Week

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Protect Plus Spectrum Scale
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-4241 HIGH PATCH This Week

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Protect Plus Spectrum Scale
NVD
CVSS 3.1
8.8
EPSS
66.3%
CVE-2020-4238 HIGH PATCH This Week

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Tivoli Netcool Impact
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-4237 HIGH PATCH This Week

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Tivoli Netcool Impact
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-4206 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-11111 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Steelstore Cloud Integrated Storage +22
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-5291 HIGH PATCH This Week

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Debian Information Disclosure Bubblewrap Debian Linux Arch Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-1712 HIGH PATCH This Week

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Systemd Ceph Storage +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-4214 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-11414 HIGH This Week

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ui For Silverlight
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-4240 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-4236 MEDIUM PATCH This Month

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Tivoli Netcool Impact
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-4235 MEDIUM PATCH This Month

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Netcool Impact
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4239 MEDIUM PATCH This Month

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Netcool Impact
NVD
CVSS 3.1
5.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy