Skip to main content
CVE-2020-11543 CRITICAL POC Act Now

OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gateway
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-8828 HIGH POC This Week

As of v1.5.0, the default admin password is set to the argocd-server pod name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-5735 HIGH POC KEV THREAT This Week

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow 1080 Lite 8Ch Firmware Amdv10814 H5 Firmware +16
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
35.6%
CVE-2020-10977 MEDIUM POC THREAT This Month

GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
5.5
EPSS
42.7%
CVE-2020-8827 HIGH POC PATCH This Week

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-8826 HIGH POC This Week

As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10366 HIGH POC This Week

LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Logicaldoc
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-10263 MEDIUM POC This Month

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xiaomi Xiaoai Speaker Pro Lx06 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-10262 MEDIUM POC This Month

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xiaomi Xiaoai Speaker Pro Lx06 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-1625 MEDIUM POC This Month

The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-1614 CRITICAL Act Now

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
10.0
EPSS
1.4%
CVE-2020-1615 CRITICAL Act Now

The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-1992 CRITICAL Act Now

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-10980 CRITICAL Act Now

GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11603 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-11600 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-11630 CRITICAL Act Now

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Ejbca
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10814 MEDIUM POC This Month

A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Code
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-11604 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2020-5549 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easyblocks Ipv6 Firmware Easyblocks Ipv6 Enterprise Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-11627 HIGH This Week

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ejbca
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-5550 HIGH This Week

Session fixation vulnerability in EasyBlocks IPv6 Ver. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Easyblocks Ipv6 Firmware Easyblocks Ipv6 Enterprise Firmware
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2020-1885 HIGH This Week

Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Desktop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-1989 HIGH This Week

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Globalprotect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-1985 HIGH This Week

Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Secdo
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-1984 HIGH This Week

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Secdo
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-11653 HIGH This Week

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Varnish Cache Backports Sle Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-11650 HIGH PATCH This Week

An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Freenas Firmware Truenas Firmware
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-1639 HIGH This Week

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-1638 HIGH This Week

The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1634 HIGH This Week

On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Integer Overflow Junos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-1627 HIGH This Week

A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1626 HIGH This Week

A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1617 HIGH This Week

This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-1613 HIGH This Week

A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-10976 HIGH This Week

GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11605 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-1990 HIGH This Week

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-11629 HIGH This Week

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2020-1991 HIGH This Week

An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files.0 versions before 5.0.8; 6.1 versions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Microsoft Apple Traps
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-2732 MEDIUM PATCH This Month

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Enterprise Linux
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2020-1618 MEDIUM This Month

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-1619 MEDIUM This Month

A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-1988 MEDIUM This Month

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Information Disclosure Globalprotect
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-1637 MEDIUM This Month

A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-11000 MEDIUM PATCH This Month

GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Greenbrowser
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-5736 MEDIUM This Month

Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service 1080 Lite 8Ch Firmware Amdv10814 H5 Firmware Ipm 721 Firmware +15
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-11631 MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Ejbca
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-10633 MEDIUM This Month

A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ewon Flexy Firmware Ewon Cosy Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11626 MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ejbca
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy