Skip to main content
CVE-2020-13167 CRITICAL POC THREAT Emergency

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Netsweeper
NVD
CVSS 3.1
9.8
EPSS
95.4%
CVE-2020-13166 CRITICAL POC THREAT Emergency

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Mylittleadmin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.6%
CVE-2020-8616 HIGH POC PATCH THREAT This Week

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bind Debian Linux
NVD
CVSS 3.1
8.6
EPSS
10.6%
CVE-2020-11807 HIGH POC PATCH This Week

Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload PHP Newscoop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-13163 HIGH POC This Week

em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Em Imap
NVD GitHub
CVSS 3.1
7.4
EPSS
0.8%
CVE-2020-7656 MEDIUM POC PATCH This Month

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jquery Peoplesoft Enterprise Peopletools Active Iq Unified Manager Cloud Backup +3
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
6.3%
CVE-2020-6956 MEDIUM POC This Month

PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dexicon Enterprise
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8617 MEDIUM POC PATCH THREAT This Month

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Bind Debian Linux Fedora Leap +1
NVD GitHub Exploit-DB
CVSS 3.1
5.9
EPSS
93.4%
CVE-2020-11715 CRITICAL Act Now

Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P99 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8434 CRITICAL Act Now

Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Internet Campus Solution
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10135 MEDIUM POC This Month

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bluetooth Core Leap
NVD
CVSS 3.1
5.4
EPSS
2.4%
CVE-2020-8021 MEDIUM POC This Month

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Open Build Service Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-7138 HIGH This Week

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nimbleos
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-2025 HIGH PATCH This Week

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Authentication Bypass Runtime
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-11766 HIGH This Week

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Hylafax Avantfax
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-10030 HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Information Disclosure Recursor
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-7139 HIGH This Week

Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nimbleos
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-13164 HIGH PATCH This Week

In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux Leap Fedora
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-10995 HIGH This Week

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora Debian Linux Backports Sle +1
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-1695 HIGH PATCH This Week

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Resteasy Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-12663 HIGH PATCH This Week

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-12662 HIGH PATCH This Week

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-12244 HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Recursor Fedora Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12667 HIGH This Week

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Knot Resolver
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-4411 HIGH This Week

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-7137 MEDIUM This Month

A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Superdome Flex Server Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-10723 MEDIUM PATCH This Month

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-10722 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-2024 MEDIUM PATCH This Month

An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Runtime
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-4286 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-10134 MEDIUM This Month

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bluetooth Core
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-11845 MEDIUM This Month

Cross Site Scripting vulnerability in Micro Focus Service Manager product. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Service Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12038 MEDIUM PATCH This Month

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Eds Subsystem Rslinx Rslinx Enterprise Rsnetworx +1
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2020-4298 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4412 MEDIUM This Month

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-10724 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy