Skip to main content
CVE-2020-13417 CRITICAL POC Act Now

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure OpenSSL Microsoft Apple Controller +2
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-13394 CRITICAL POC Act Now

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac6 Firmware Ac9 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13393 CRITICAL POC Act Now

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac6 Firmware Ac9 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-13392 CRITICAL POC Act Now

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac6 Firmware Ac9 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13391 CRITICAL POC Act Now

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac6 Firmware Ac9 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13390 CRITICAL POC Act Now

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac6 Firmware Ac9 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13389 CRITICAL POC Act Now

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac6 Firmware Ac9 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13388 CRITICAL POC PATCH Act Now

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Jw Util
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-1956 HIGH POC KEV PATCH THREAT This Week

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apache Command Injection Kylin
NVD
CVSS 3.1
8.8
EPSS
97.3%
CVE-2020-13384 HIGH POC This Week

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Monstra
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-13415 HIGH POC This Week

An issue was discovered in Aviatrix Controller through 5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Controller
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-13414 HIGH POC This Week

An issue was discovered in Aviatrix Controller before 5.4.1204. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Controller Gateway
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7813 CRITICAL Act Now

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ezhttptrans
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-3280 CRITICAL Act Now

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization RCE Unified Contact Center Express
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2020-8789 MEDIUM POC This Month

Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Composr
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13413 MEDIUM POC This Month

An issue was discovered in Aviatrix Controller before 5.4.1204. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Controller Vpn Client
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-6091 CRITICAL Act Now

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Eb 1470Ui Firmware
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2020-13412 HIGH This Week

An issue was discovered in Aviatrix Controller before 5.4.1204. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Controller
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-13398 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
8.3
EPSS
2.4%
CVE-2020-11077 HIGH PATCH This Week

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Puma Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-11076 HIGH PATCH This Week

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Puma Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-3272 HIGH This Week

A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Prime Network Registrar
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3184 HIGH This Week

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration Provisioning
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-13396 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-13416 MEDIUM This Month

An issue was discovered in Aviatrix Controller before 5.4.1066. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Controller
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-7658 MEDIUM PATCH This Month

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Meinheld
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-3314 MEDIUM This Month

A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Advanced Malware Protection For Endpoints
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-10711 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Linux Null Pointer Dereference Denial Of Service Linux Kernel 3Scale +9
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2020-13397 MEDIUM PATCH This Month

An issue was discovered in FreeRDP before 2.1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3344 MEDIUM This Month

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco Advanced Malware Protection For Endpoints
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3343 MEDIUM This Month

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco Advanced Malware Protection For Endpoints
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12397 MEDIUM PATCH This Month

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Thunderbird Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy