Skip to main content
CVE-2020-11941 HIGH POC This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-12138 HIGH POC This Week

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amd Atillk64
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-12242 HIGH POC This Week

Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Source
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-7067 HIGH POC PATCH This Week

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +1
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-12120 HIGH POC This Week

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Correos Express
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12273 HIGH POC PATCH This Week

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Testlink
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-1762 HIGH PATCH This Week

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Kiali Openshift Service Mesh
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2020-10996 HIGH This Week

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xtradb Cluster
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-7135 HIGH This Week

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Service Pack For Proliant
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-9481 HIGH PATCH This Week

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12266 HIGH This Week

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wl Wn579G3 Firmware Wl Wn575A3 Firmware Wl Wn530Hg4 Firmware Wn531G3 Firmware +11
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-10664 HIGH This Week

The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1806 HIGH This Week

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Honor V10 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-1805 HIGH This Week

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Honor V10 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-1804 HIGH This Week

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Honor V10 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy