Skip to main content
CVE-2020-11651 CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Salt Leap Debian Linux Ubuntu Linux +1
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
96.4%
CVE-2020-7136 CRITICAL POC THREAT Act Now

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Authentication Bypass Smart Update Manager
NVD
CVSS 3.1
9.8
EPSS
79.5%
CVE-2020-5887 CRITICAL Act Now

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2020-5886 CRITICAL Act Now

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-5885 CRITICAL Act Now

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-5884 CRITICAL Act Now

On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-11015 CRITICAL Act Now

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinx Device Api
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy