Skip to main content
CVE-2020-8616 HIGH POC PATCH THREAT This Week

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bind Debian Linux
NVD
CVSS 3.1
8.6
EPSS
10.6%
CVE-2020-11807 HIGH POC PATCH This Week

Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload PHP Newscoop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-13163 HIGH POC This Week

em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Em Imap
NVD GitHub
CVSS 3.1
7.4
EPSS
0.8%
CVE-2020-7138 HIGH This Week

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nimbleos
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-2025 HIGH PATCH This Week

Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Authentication Bypass Runtime
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-11766 HIGH This Week

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Hylafax Avantfax
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-10030 HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Information Disclosure Recursor
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-7139 HIGH This Week

Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nimbleos
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-13164 HIGH PATCH This Week

In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux Leap Fedora
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-10995 HIGH This Week

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora Debian Linux Backports Sle +1
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-1695 HIGH PATCH This Week

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Resteasy Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-12663 HIGH PATCH This Week

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-12662 HIGH PATCH This Week

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-12244 HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Recursor Fedora Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12667 HIGH This Week

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Knot Resolver
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-4411 HIGH This Week

The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy