Skip to main content
CVE-2020-1956 HIGH POC KEV PATCH THREAT This Week

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apache Command Injection Kylin
NVD
CVSS 3.1
8.8
EPSS
97.3%
CVE-2020-13384 HIGH POC This Week

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Monstra
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-13415 HIGH POC This Week

An issue was discovered in Aviatrix Controller through 5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Controller
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-13414 HIGH POC This Week

An issue was discovered in Aviatrix Controller before 5.4.1204. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Controller Gateway
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13412 HIGH This Week

An issue was discovered in Aviatrix Controller before 5.4.1204. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Controller
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-13398 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
8.3
EPSS
2.4%
CVE-2020-11077 HIGH PATCH This Week

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Puma Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-11076 HIGH PATCH This Week

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Puma Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-3272 HIGH This Week

A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Prime Network Registrar
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-3184 HIGH This Week

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration Provisioning
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-13396 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy