Skip to main content
CVE-2020-11877 HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-11876 HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10813 HIGH POC This Week

A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftpdmin
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11887 MEDIUM POC This Month

svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SSRF Svg2Png
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5733 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5732 MEDIUM POC This Month

In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Open Redirect Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5731 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5730 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5729 MEDIUM POC This Month

In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5728 MEDIUM POC This Month

OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openmrs
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-0073 CRITICAL Act Now

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-0072 CRITICAL Act Now

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-0071 CRITICAL Act Now

In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-0070 CRITICAL Act Now

In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-11878 CRITICAL Act Now

The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Meet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-11873 CRITICAL Act Now

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-10377 CRITICAL Act Now

A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect Client
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-10211 CRITICAL Act Now

A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-11883 MEDIUM POC PATCH THREAT This Month

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Storefront Api Vue Storefront Api
NVD GitHub
CVSS 3.1
5.3
EPSS
15.2%
CVE-2020-7082 HIGH This Week

A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Fbx Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-7081 HIGH This Week

A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Fbx Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-9523 HIGH This Week

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Developer Enterprise Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-11793 HIGH This Week

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +6
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-10947 HIGH This Week

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation Anti Virus For Sophos Central Anti Virus For Sophos Home
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-11886 HIGH This Week

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Horizon Meridian
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-0082 HIGH This Week

In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0081 HIGH This Week

In finalize of AssetManager.java, there is possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android Fedora
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0080 HIGH This Week

In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0079 HIGH This Week

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0078 HIGH This Week

In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-7085 HIGH This Week

A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-7080 HIGH This Week

A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-7079 HIGH This Week

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dynamo Bim
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-11875 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-4277 HIGH This Week

IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11874 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-11872 HIGH This Week

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opentrace
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-11868 HIGH PATCH This Week

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ntp Enterprise Linux Data Ontap Hci Management Node +13
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-11885 HIGH This Week

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Enterprise Integrator
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-1751 HIGH PATCH This Week

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Rated high severity (CVSS 7.0).

Buffer Overflow RCE Denial Of Service Memory Corruption Glibc +2
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-0076 MEDIUM This Month

In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-7083 MEDIUM This Month

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Fbx Software Development Kit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-11880 MEDIUM PATCH This Month

An issue was discovered in KDE KMail before 19.12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kmail
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-11879 MEDIUM This Month

An issue was discovered in GNOME Evolution before 3.35.91. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-7084 MEDIUM This Month

A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fbx Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-5737 MEDIUM PATCH This Month

Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tenable Sc
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-0077 MEDIUM This Month

In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2020-0075 MEDIUM This Month

In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2020-0068 MEDIUM This Month

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2020-0067 MEDIUM This Month

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android Ubuntu Linux
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy