Skip to main content
CVE-2020-12134 CRITICAL POC Act Now

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Centaur Titansma
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-6819 HIGH POC KEV THREAT This Week

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-12128 HIGH POC This Week

DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Transfer Ifamily
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-12131 MEDIUM POC This Month

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Airdisk Pro
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12130 MEDIUM POC This Month

The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Airdisk Pro
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12129 MEDIUM POC This Month

The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Airdisk Pro
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7133 CRITICAL Act Now

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hpe Iot Gcp
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-6826 CRITICAL Act Now

Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-6825 CRITICAL Act Now

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-6823 CRITICAL Act Now

A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-5868 CRITICAL Act Now

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Big Iq Centralized Management
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-12135 MEDIUM POC PATCH This Month

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Whoopsie C Driver
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-12063 MEDIUM POC This Month

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Postfix
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-5869 CRITICAL Act Now

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Iq Centralized Management
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2020-11013 MEDIUM POC PATCH This Month

Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
5.0
EPSS
1.3%
CVE-2020-7131 CRITICAL Act Now

This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Information Disclosure Blade Maintenance Entity Integrated Maintenance Entity +1
NVD
CVSS 3.1
9.0
EPSS
1.1%
CVE-2020-6822 HIGH This Week

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-6820 HIGH KEV THREAT This Week

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
6.3%
CVE-2020-5870 HIGH This Week

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Iq Centralized Management
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-12070 HIGH This Week

The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Advanced Woo Search
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11004 HIGH PATCH This Week

SQL Injection was discovered in Admidio before version 3.3.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Admidio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-6828 HIGH This Week

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Mozilla Path Traversal Firefox Esr
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-6821 HIGH This Week

When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7134 MEDIUM This Month

A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hpe Iot Gcp
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4267 MEDIUM This Month

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-6213 MEDIUM This Month

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12245 MEDIUM PATCH This Month

Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Grafana
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-12137 MEDIUM This Month

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailman Debian Linux Fedora Ubuntu Linux +2
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-12132 MEDIUM This Month

Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S A M I
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-1741 MEDIUM This Month

A flaw was found in openshift-ansible. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-6212 MEDIUM This Month

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp S 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-6827 MEDIUM This Month

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Mozilla Firefox Esr
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2020-6824 LOW Monitor

Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Session Fixation Information Disclosure Firefox
NVD
CVSS 3.1
2.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy