Skip to main content
CVE-2020-11108 HIGH POC THREAT Act Now

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Pi Hole
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
78.3%
CVE-2020-12790 HIGH POC PATCH This Week

In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection PHP Seomatic
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-12783 HIGH POC PATCH This Week

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Authentication Bypass Information Disclosure Exim Fedora +2
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-12760 HIGH PATCH This Week

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Deserialization Opennms Horizon Opennms Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2020-12785 HIGH This Week

cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-10067 HIGH PATCH This Week

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service Integer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10058 HIGH PATCH This Week

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10028 HIGH PATCH This Week

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10027 HIGH PATCH This Week

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-10024 HIGH PATCH This Week

The arm platform-specific code uses a signed integer comparison when validating system call numbers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-10021 HIGH PATCH This Week

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10019 HIGH PATCH This Week

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-5837 HIGH This Week

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-5836 HIGH This Week

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12754 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12751 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-12749 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11866 HIGH PATCH This Week

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Libemf Fedora +1
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-11865 HIGH PATCH This Week

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libemf Fedora Leap
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-5538 HIGH This Week

Improper Access Control in PALLET CONTROL Ver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Pallet Control
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9840 HIGH This Week

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nioextras
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-12752 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12750 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-12745 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-5835 HIGH This Week

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy