Skip to main content
CVE-2020-11553 HIGH POC This Week

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Snmpc Online
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11557 HIGH POC This Week

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Snmpc Online
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-11555 HIGH POC This Week

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Snmpc Online
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11554 HIGH POC This Week

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Snmpc Online
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-11655 HIGH POC PATCH This Week

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Sqlite Ontap Select Deploy Administration Utility Debian Linux Ubuntu Linux +14
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2020-8834 MEDIUM POC This Month

{save,restore}_tm, leading to a stack corruption. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Leap
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-8961 CRITICAL Act Now

An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Free Antivirus
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-10631 CRITICAL Act Now

An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Nms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-10625 CRITICAL Act Now

WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webaccess Nms
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-10621 CRITICAL Act Now

Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Webaccess Nms
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-11656 CRITICAL PATCH Act Now

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Sqlite Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2020-11556 MEDIUM POC This Month

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snmpc Online
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10619 CRITICAL Act Now

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Nms
NVD
CVSS 3.1
9.1
EPSS
14.3%
CVE-2020-10603 HIGH This Week

WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Webaccess Nms
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-1895 HIGH This Week

A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Instagram
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-10551 HIGH This Week

QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Qqbrowser
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-10629 HIGH This Week

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Webaccess Nms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10617 HIGH This Week

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess Nms
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9499 HIGH This Week

Some Dahua products have buffer overflow vulnerabilities. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Dahua Sd6Al Firmware Sd5A Firmware Sd1A Firmware +16
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2020-11668 HIGH PATCH This Week

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2020-1633 MEDIUM This Month

Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-7922 MEDIUM This Month

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Mongodb Enterprise Kubernetes Operator
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-10623 MEDIUM This Month

Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Nms
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-5263 MEDIUM PATCH This Month

auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Node.js Information Disclosure Auth0 Js
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-9500 MEDIUM This Month

Some products of Dahua have Denial of Service vulnerabilities. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Dahua Sd6Al Firmware Sd5A Firmware Sd1A Firmware +16
NVD
CVSS 3.1
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy