Skip to main content
CVE-2020-3952 CRITICAL POC KEV THREAT Act Now

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass VMware Vcenter Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
90.4%
CVE-2020-11002 HIGH POC PATCH This Week

dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java RCE Dropwizard Validation
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2020-11694 HIGH POC This Week

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Apple Pycharm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5330 HIGH POC THREAT This Week

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure R1 2210 Firmware R1 2401 Firmware Pc5500 Firmware +2
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
12.9%
CVE-2020-4362 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation IBM Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-11647 HIGH PATCH This Week

In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-6765 HIGH PATCH This Week

D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection D-Link Dsl Gs225 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-5406 MEDIUM This Month

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware Tanzu Application Service For Vms
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-1801 MEDIUM This Month

There is an improper authentication vulnerability in several smartphones. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Mate 30 Pro Firmware Mate 30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-11669 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Leap Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8832 MEDIUM This Month

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Linux Intel Information Disclosure Ubuntu Linux +31
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9056 MEDIUM This Month

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Buyspeed
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-1802 MEDIUM This Month

There is an insufficient integrity validation vulnerability in several products. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Osca 550 Firmware Osca 550A Firmware Osca 550Ax Firmware Osca 550X Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-5303 LOW PATCH Monitor

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Tendermint
NVD GitHub
CVSS 3.1
3.7
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy