Skip to main content
CVE-2020-11073 HIGH POC PATCH This Week

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python RCE Command Injection Autoswitch Python Virtualenv
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-2015 HIGH This Week

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-2014 HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-2013 HIGH This Week

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-2006 HIGH This Week

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-1998 HIGH This Week

An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-1714 HIGH PATCH This Week

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Keycloak Decision Manager Jboss Fuse +4
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-5407 HIGH PATCH This Week

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jwt Attack Spring Security
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-12427 HIGH This Week

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Apple Wd Discovery
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-2002 HIGH This Week

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2020-2012 HIGH This Week

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XXE Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-2011 HIGH This Week

An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-3341 HIGH This Week

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-3327 HIGH This Week

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-2010 HIGH This Week

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-2009 HIGH This Week

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-2008 HIGH This Week

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-2007 HIGH This Week

An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-2016 HIGH This Week

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
7.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy