Skip to main content
CVE-2020-11066 CRITICAL PATCH Act Now

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Typo3
NVD GitHub
CVSS 3.1
10.0
EPSS
1.5%
CVE-2020-10620 CRITICAL Act Now

Opto 22 SoftPAC Project Version 9.6 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Softpac Project
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-0221 CRITICAL Act Now

Airbrush FW's scratch memory allocator is susceptible to numeric overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-0103 CRITICAL PATCH Act Now

In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-12874 CRITICAL Act Now

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aptare
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11973 CRITICAL PATCH Act Now

Apache Camel Netty enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Camel Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-11972 CRITICAL PATCH Act Now

Apache Camel RabbitMQ enables Java deserialization by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Camel Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.8
EPSS
5.5%
CVE-2020-10612 CRITICAL Act Now

Opto 22 SoftPAC Project Version 9.6 and prior. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Softpac Project
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-10616 HIGH This Week

Opto 22 SoftPAC Project Version 9.6 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Softpac Project
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-5577 HIGH This Week

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Movable Type
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-5576 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Movable Type
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-11069 HIGH PATCH This Week

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload CSRF Typo3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-11067 HIGH PATCH This Week

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Typo3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-0110 HIGH PATCH This Week

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android +139
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0109 HIGH PATCH This Week

In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0105 HIGH PATCH This Week

In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0102 HIGH PATCH This Week

In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0098 HIGH PATCH This Week

In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0097 HIGH PATCH This Week

In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0096 HIGH PATCH This Week

In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-0094 HIGH PATCH This Week

In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0024 HIGH PATCH This Week

In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-4468 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4467 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4422 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4343 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4288 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4287 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4285 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2020-4266 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4264 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4263 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4262 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4261 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4258 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-4257 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10626 HIGH This Week

In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Jserialcomm Ecostruxure It Gateway
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-12877 HIGH This Week

Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aptare
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12876 HIGH This Week

Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Aptare
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-11971 HIGH PATCH This Week

Apache Camel's JMX is vulnerable to Rebind Flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Camel Communications Diameter Intelligence Hub Communications Diameter Signaling Router +2
NVD
CVSS 3.1
7.5
EPSS
14.3%
CVE-2020-4265 HIGH This Week

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-0220 MEDIUM This Month

In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2020-12068 MEDIUM This Month

An issue was discovered in CODESYS Development System before 3.5.16.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Pfc100 +8
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12042 MEDIUM This Month

Opto 22 SoftPAC Project Version 9.6 and prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Softpac Project
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-5408 MEDIUM PATCH This Month

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-4259 MEDIUM This Month

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sterling File Gateway
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-12717 MEDIUM This Month

The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Abtracetogether Protego Safe Covidsafe +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-12875 MEDIUM This Month

Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aptare
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2020-1945 MEDIUM PATCH This Month

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. Rated medium severity (CVSS 6.3). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Java Information Disclosure Ant Ubuntu Linux +48
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2020-12677 MEDIUM PATCH This Month

An issue was discovered in Progress MOVEit Automation Web Admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Moveit Automation
NVD
CVSS 3.1
6.1
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy