Skip to main content
CVE-2020-10569 CRITICAL POC Act Now

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload On Premise
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-1967 HIGH POC PATCH THREAT This Week

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service OpenSSL Debian Linux Freebsd +23
NVD GitHub
CVSS 3.1
7.5
EPSS
53.3%
CVE-2020-11967 CRITICAL Act Now

In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-11966 CRITICAL Act Now

In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-11965 CRITICAL Act Now

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-11963 CRITICAL Act Now

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-10787 HIGH This Week

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Vesta Control Panel
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-10786 HIGH PATCH This Week

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vesta Control Panel
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2020-1757 HIGH PATCH This Week

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Undertow Jboss Data Grid Jboss Enterprise Application Platform Jboss Fuse +2
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2020-8895 HIGH This Week

Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Earth
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11958 HIGH PATCH This Week

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Re2C Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-12051 HIGH PATCH This Week

The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Mediawiki
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11008 HIGH PATCH This Week

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Git Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-1699 HIGH This Week

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ceph Ceph Storage
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-11828 HIGH This Week

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11968 HIGH This Week

In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iqrouter Firmware
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-11964 HIGH This Week

In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iqrouter Firmware
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-5268 HIGH PATCH This Week

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
7.3
EPSS
1.1%
CVE-2020-8099 MEDIUM This Month

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Antivirus 2020
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2020-11891 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-11890 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2020-11889 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-5301 LOW PATCH Monitor

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Microsoft Information Disclosure Simplesamlphp
NVD GitHub
CVSS 3.1
3.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy