Skip to main content
CVE-2020-11610 HIGH POC This Week

An issue was discovered in xdLocalStorage through 2.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cross Domain Local Storage
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-11561 HIGH POC This Week

In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Invoice
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-7613 HIGH POC PATCH This Week

clamscan through 1.2.0 is vulnerable to Command Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Clamscan
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2020-11560 HIGH POC This Week

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Express Invoice
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-7615 HIGH POC PATCH This Week

fsa through 0.5.1 is vulnerable to Command Injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Fsa
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-5734 HIGH POC THREAT This Week

Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Dameware
NVD
CVSS 3.1
7.5
EPSS
25.1%
CVE-2020-11619 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization Jackson Databind Debian Linux Active Iq Unified Manager +18
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.3%
CVE-2020-11620 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Deserialization Jackson Databind Debian Linux Active Iq Unified Manager +15
NVD GitHub
CVSS 3.1
8.1
EPSS
5.6%
CVE-2020-11612 HIGH PATCH This Week

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Netty Debian Linux Fedora Oncommand Api Services +9
NVD GitHub
CVSS 3.1
7.5
EPSS
9.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy