Skip to main content
CVE-2020-11498 HIGH POC PATCH This Week

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Nebula
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-11107 HIGH POC THREAT This Week

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Xampp
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
22.5%
CVE-2020-8835 HIGH POC PATCH This Week

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Fedora +25
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2020-8015 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Exim
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-9349 HIGH POC This Week

The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tv 288Zd 2Mp Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-11450 HIGH POC PATCH THREAT This Week

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Microstrategy Web
NVD
CVSS 3.1
7.5
EPSS
17.8%
CVE-2020-8423 HIGH POC This Week

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE TP-Link Tl Wr841n Firmware
NVD
CVSS 3.1
7.2
EPSS
9.3%
CVE-2020-11451 HIGH POC PATCH This Week

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload SSRF Microstrategy Web
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-11490 HIGH POC This Week

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zen Load Balancer
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-8016 HIGH POC This Week

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Texlive Filesystem
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-11444 HIGH PATCH This Week

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Nexus
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2020-11100 HIGH This Week

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Haproxy Debian Linux +4
NVD
CVSS 3.1
8.8
EPSS
60.7%
CVE-2020-9067 HIGH This Week

There is a buffer overflow vulnerability in some Huawei products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Smartax Ma5600T Firmware Smartax Ma5800 Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy