Skip to main content
CVE-2020-11108 HIGH POC THREAT Act Now

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pi Hole
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
78.3%
CVE-2020-12753 CRITICAL POC Act Now

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-12790 HIGH POC PATCH This Week

In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection PHP Seomatic
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-12783 HIGH POC PATCH This Week

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Authentication Bypass Information Disclosure Exim Fedora +2
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-10022 CRITICAL PATCH Act Now

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-12747 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-12746 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-12743 CRITICAL PATCH Act Now

An issue was discovered in Gazie 7.32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal PHP Information Disclosure Gazie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12760 HIGH PATCH This Week

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Deserialization Opennms Horizon Opennms Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-12785 HIGH This Week

cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-10067 HIGH PATCH This Week

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service Integer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10058 HIGH PATCH This Week

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10028 HIGH PATCH This Week

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10027 HIGH PATCH This Week

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-10024 HIGH PATCH This Week

The arm platform-specific code uses a signed integer comparison when validating system call numbers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-10021 HIGH PATCH This Week

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10019 HIGH PATCH This Week

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-5837 HIGH This Week

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-5836 HIGH This Week

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12754 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12751 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-12749 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11866 HIGH PATCH This Week

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Libemf Fedora +1
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-11865 HIGH PATCH This Week

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libemf Fedora Leap
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-5538 HIGH This Week

Improper Access Control in PALLET CONTROL Ver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Pallet Control
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9840 HIGH This Week

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nioextras
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-12752 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12750 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-12745 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-5835 HIGH This Week

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-10023 MEDIUM PATCH This Month

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-10060 MEDIUM PATCH This Month

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-11864 MEDIUM PATCH This Month

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Libemf Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-11863 MEDIUM PATCH This Month

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Libemf Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1698 MEDIUM PATCH This Month

A flaw was found in keycloak in versions before 9.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10685 MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine Ansible Tower Ceph Storage +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-7647 MEDIUM PATCH This Month

All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jooby
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-5834 MEDIUM This Month

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-12784 MEDIUM This Month

cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-12748 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-10059 MEDIUM PATCH This Month

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
4.8
EPSS
1.2%
CVE-2020-1724 MEDIUM PATCH This Month

A flaw was found in Keycloak in versions before 9.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Openshift Application Runtimes Single Sign On
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-5833 LOW Monitor

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy