Skip to main content
CVE-2020-4272 HIGH POC This Week

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE IBM Path Traversal Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-2944 HIGH POC PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Oracle Solaris
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-4270 HIGH POC This Week

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-1027 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Memory Corruption Windows 10 1507 Windows 10 1607 +15
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2020-2851 HIGH POC This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Rated high severity (CVSS 7.8). Public exploit code available and no vendor patch available.

Oracle Information Disclosure Solaris
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-4269 HIGH POC This Week

IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-3251 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
8.8
EPSS
61.5%
CVE-2020-3239 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
8.8
EPSS
73.6%
CVE-2020-11666 HIGH This Week

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ca Api Developer Portal
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-11788 HIGH This Week

Certain NETGEAR devices are affected by authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass D6200 Firmware D7000 Firmware Pr2000 Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-0578 HIGH This Week

Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Compute Module Mfs2600Ki Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0577 HIGH This Week

Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Compute Module Mfs2600Ki Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-1020 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Adobe Memory Corruption RCE +16
NVD
CVSS 3.1
8.8
EPSS
65.0%
CVE-2020-0981 HIGH PATCH This Week

A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-0979 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office 365 Proplus
NVD
CVSS 3.1
8.8
EPSS
11.3%
CVE-2020-0974 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-0971 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
13.2%
CVE-2020-0967 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
8.8
EPSS
11.4%
CVE-2020-0966 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Internet Explorer
NVD
CVSS 3.1
8.8
EPSS
11.4%
CVE-2020-0964 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
16.7%
CVE-2020-0950 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2020-0949 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2020-0948 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2020-0932 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
31.2%
CVE-2020-0931 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Business Productivity Servers Sharepoint Enterprise Server +2
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-0929 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
10.7%
CVE-2020-0920 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
10.4%
CVE-2020-0906 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Excel Office Office 365 Proplus
NVD
CVSS 3.1
8.8
EPSS
11.3%
CVE-2020-0760 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Access Excel Office +7
NVD
CVSS 3.1
8.8
EPSS
8.6%
CVE-2020-0687 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
18.9%
CVE-2020-2902 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Oracle Memory Corruption Vm Virtualbox Leap
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-11770 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection D6220 Firmware D6400 Firmware D8500 Firmware +23
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-10514 HIGH This Week

iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dvr Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-10512 HIGH This Week

HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Oaklouds Ccm Il
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-1632 HIGH This Week

In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2020-2959 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
8.6
EPSS
2.6%
CVE-2020-2838 HIGH This Week

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Customer Relationship Management Gateway For Mobile Devices
NVD
CVSS 3.1
8.6
EPSS
1.7%
CVE-2020-2776 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-2863 HIGH This Week

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Advanced Outbound Telephony
NVD
CVSS 3.1
8.5
EPSS
1.1%
CVE-2020-0910 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
8.4
EPSS
9.0%
CVE-2020-2805 HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +18
NVD
CVSS 3.1
8.3
EPSS
4.1%
CVE-2020-2803 HIGH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +18
NVD
CVSS 3.1
8.3
EPSS
6.2%
CVE-2020-2908 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-2905 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2020-2890 HIGH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-2885 HIGH This Week

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Document Management And Collaboration
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2881 HIGH This Week

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2880 HIGH This Week

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: OTA Training Activities). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Learning Management
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2879 HIGH This Week

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Scripting
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2878 HIGH This Week

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Mail). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Isupport
NVD
CVSS 3.1
8.2
EPSS
1.3%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy