Skip to main content
CVE-2020-8830 HIGH POC This Week

CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Ruckus Zoneflex R500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-8829 HIGH POC This Week

CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cip 92200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-7983 HIGH POC This Week

A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Ruckus Zoneflex R500 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-12659 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.6.7. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-5517 MEDIUM POC PATCH This Month

CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF 5209R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-12666 MEDIUM POC PATCH This Month

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Macaron Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-11034 MEDIUM POC PATCH This Month

In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
7.6%
CVE-2020-8033 MEDIUM POC This Month

Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruckus Zoneflex R500 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11036 MEDIUM POC This Month

In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-11035 CRITICAL Act Now

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Glpi Fedora
NVD GitHub
CVSS 3.1
9.3
EPSS
0.8%
CVE-2020-10634 CRITICAL Act Now

SAE IT-systems FW-50 Remote Telemetry Unit (RTU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Net Line Fw 50 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-12104 HIGH This Week

The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Wp Advanced Search
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-12463 HIGH This Week

An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Software Updater
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12657 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.6.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-12653 HIGH PATCH This Week

An issue was found in Linux kernel before 5.5.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Linux Memory Corruption Linux Kernel +21
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12649 HIGH PATCH This Week

Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gurbalib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-11033 HIGH This Week

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Glpi Fedora
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-11032 HIGH This Week

In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-12654 HIGH PATCH This Week

An issue was found in Linux kernel before 5.5.4. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.1
EPSS
1.2%
CVE-2020-10859 MEDIUM This Month

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Desktop Central
NVD
CVSS 3.1
6.5
EPSS
4.4%
CVE-2020-10630 MEDIUM This Month

SAE IT-systems FW-50 Remote Telemetry Unit (RTU). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Net Line Fw 50 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11737 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-12656 MEDIUM This Month

gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Leap
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12655 MEDIUM PATCH This Month

An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-12439 MEDIUM PATCH This Month

Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Grin
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-12144 MEDIUM This Month

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2020-12143 MEDIUM This Month

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2020-12142 MEDIUM This Month

1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect For Amazon Web Services Unity Edgeconnect For Azure Unity Edgeconnect For Google Cloud Platform Unity Orchestrator +20
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2020-11051 MEDIUM PATCH This Month

In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-8799 MEDIUM This Month

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wti Like Post
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-12652 MEDIUM PATCH This Month

The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition,. Rated medium severity (CVSS 4.1).

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy