Skip to main content
CVE-2020-11877 HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-11876 HIGH POC This Week

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10813 HIGH POC This Week

A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ftpdmin
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7082 HIGH This Week

A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Fbx Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-7081 HIGH This Week

A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Fbx Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-9523 HIGH This Week

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Developer Enterprise Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-11793 HIGH This Week

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +6
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-10947 HIGH This Week

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation Anti Virus For Sophos Central Anti Virus For Sophos Home
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-11886 HIGH This Week

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Horizon Meridian
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-0082 HIGH This Week

In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0081 HIGH This Week

In finalize of AssetManager.java, there is possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android Fedora
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0080 HIGH This Week

In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0079 HIGH This Week

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0078 HIGH This Week

In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-7085 HIGH This Week

A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-7080 HIGH This Week

A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-7079 HIGH This Week

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dynamo Bim
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-11875 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-4277 HIGH This Week

IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11874 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-11872 HIGH This Week

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opentrace
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-11868 HIGH PATCH This Week

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ntp Enterprise Linux Data Ontap Hci Management Node +13
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-11885 HIGH This Week

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Enterprise Integrator
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-1751 HIGH PATCH This Week

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Rated high severity (CVSS 7.0).

Buffer Overflow RCE Denial Of Service Memory Corruption Glibc +2
NVD
CVSS 3.1
7.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy