Skip to main content
CVE-2020-8816 HIGH POC KEV PATCH THREAT Act Now

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Pi Hole
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
78.2%
CVE-2020-13693 CRITICAL POC PATCH THREAT Act Now

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Bbpress
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
43.9%
CVE-2020-13634 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Windows Master
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12493 CRITICAL Act Now

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpu Ls4000 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.4%
CVE-2020-11844 CRITICAL Act Now

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Management Automation
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-1832 HIGH This Week

E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption E6878 370 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-12675 HIGH This Week

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE PHP Google +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2020-7654 HIGH PATCH This Week

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Broker
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-6937 HIGH This Week

A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mule Runtime
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-1870 HIGH This Week

There is a denial of service vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Cloudengine 12800 Firmware Cloudengine 6800 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-3957 HIGH This Week

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion Horizon Client Remote Console
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-4352 HIGH This Week

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation IBM Mq For Hpe Nonstop
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-11039 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-7650 MEDIUM PATCH This Month

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Broker
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-7648 MEDIUM PATCH This Month

All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Broker
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-7653 MEDIUM PATCH This Month

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Broker
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-7652 MEDIUM PATCH This Month

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Broker
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-11019 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-11018 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Freerdp Leap +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-11017 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-4490 MEDIUM This Month

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8482 MEDIUM This Month

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Device Library Wizard
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3958 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion Workstation ESXi
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-11089 MEDIUM PATCH This Month

In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu,. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-11088 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-11087 MEDIUM PATCH This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-11086 MEDIUM PATCH This Month

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-11038 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-4306 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-1809 MEDIUM This Month

HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 10 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-1798 MEDIUM This Month

HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass P30 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-5573 MEDIUM This Month

Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Kintone
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-5572 MEDIUM This Month

Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mailwise
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-7651 MEDIUM PATCH This Month

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Broker
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-11085 LOW PATCH Monitor

In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
3.5
EPSS
1.7%
CVE-2020-3959 LOW Monitor

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Fusion Workstation ESXi
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-11043 LOW PATCH Monitor

In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
2.7
EPSS
1.9%
CVE-2020-11040 LOW Monitor

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
2.7
EPSS
1.6%
CVE-2020-11041 LOW Monitor

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
2.7
EPSS
1.5%
CVE-2020-1831 LOW Monitor

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2020-1833 LOW Monitor

Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Honor 9X Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2020-1797 LOW Monitor

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mate 20 Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy