Skip to main content
CVE-2020-12823 CRITICAL POC PATCH Act Now

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Openconnect Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-11057 HIGH POC PATCH This Week

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-12772 HIGH POC This Week

An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Spark
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11060 HIGH POC PATCH THREAT This Week

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Glpi
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
10.9%
CVE-2020-8153 HIGH POC This Week

Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Group Folders Fedora
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2020-8154 HIGH POC This Week

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
7.7
EPSS
1.8%
CVE-2020-12825 HIGH POC This Week

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libcroco
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-6242 CRITICAL Act Now

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-1939 CRITICAL PATCH Act Now

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Apache Null Pointer Dereference Denial Of Service Nuttx
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-8159 CRITICAL PATCH Act Now

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Actionpack Page Caching Debian Linux
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-12826 MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Ubuntu Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-1718 HIGH PATCH This Week

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Fuse Keycloak Openshift Application Runtimes
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6262 HIGH This Week

Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SAP Application Server
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6249 HIGH This Week

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Master Data Governance S4Core Master Data Governance S4Fnd Master Data Governance Sap Bs Fnd
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-6243 HIGH This Week

Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Microsoft Adaptive Server Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-6241 HIGH This Week

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Adaptive Server Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-5897 HIGH This Week

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Use After Free Memory Corruption Information Disclosure Big Ip Access Policy Manager +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-11072 HIGH PATCH This Week

In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slp Validate
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2020-11071 HIGH PATCH This Week

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slpjs
NVD GitHub
CVSS 3.1
8.6
EPSS
0.9%
CVE-2020-6252 HIGH This Week

Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Adaptive Server Enterprise Cockpit
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2020-6244 HIGH This Week

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Business Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-5896 HIGH This Week

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6247 HIGH This Week

SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-6240 HIGH This Week

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-1763 HIGH PATCH This Week

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure Libreswan
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-8151 HIGH PATCH This Week

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Active Resource Fedora
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-6253 HIGH This Week

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Adaptive Server Enterprise
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2020-6248 HIGH This Week

SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Adaptive Server Enterprise Backup Server
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2020-8156 HIGH This Week

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nextcloud Information Disclosure Mail Fedora
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2020-6250 MEDIUM This Month

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Adaptive Server Enterprise
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-6245 MEDIUM This Month

SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-10706 MEDIUM This Month

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2020-6259 MEDIUM This Month

Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Adaptive Server Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6258 MEDIUM This Month

SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Identity Management
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-6251 MEDIUM This Month

Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-6254 MEDIUM This Month

SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Enterprise Threat Detection
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5898 MEDIUM This Month

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11062 MEDIUM PATCH This Month

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-6257 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-4195 MEDIUM PATCH This Month

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Api Connect
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-8155 MEDIUM This Month

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-5248 MEDIUM PATCH This Month

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4346 MEDIUM PATCH This Month

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-1746 MEDIUM PATCH This Month

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Engine Ansible Tower Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2020-6256 MEDIUM This Month

SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Master Data Governance
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-11058 LOW PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy