Skip to main content
CVE-2020-13229 HIGH POC This Week

An issue was discovered in Sysax Multi Server 6.90. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Multi Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-12607 HIGH POC PATCH This Week

An issue was discovered in fastecdsa before 2.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Fastecdsa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7663 HIGH POC PATCH This Week

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Websocket Extensions Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-7662 HIGH POC PATCH This Week

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Websocket Extensions
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-5410 HIGH POC KEV PATCH THREAT This Week

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Spring Cloud Config
NVD GitHub
CVSS 3.1
7.5
EPSS
95.6%
CVE-2020-10703 MEDIUM POC PATCH This Month

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libvirt
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-13228 MEDIUM POC This Month

An issue was discovered in Sysax Multi Server 6.90. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Multi Server
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.1%
CVE-2020-10959 MEDIUM POC PATCH This Month

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Mediawiki
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-12017 CRITICAL Act Now

GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rt430 Firmware Rt431 Firmware Rt434 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-3641 CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8053 Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3633 CRITICAL Act Now

Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +34
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3615 CRITICAL PATCH Act Now

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-13227 MEDIUM POC This Month

An issue was discovered in Sysax Multi Server 6.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Multi Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-13760 HIGH This Week

In Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-3630 HIGH PATCH This Week

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +45
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3625 HIGH This Week

When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Sm8250 Firmware Sxr2130 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3623 HIGH This Week

kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Sm8250 Firmware Sxr2130 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3618 HIGH This Week

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Information Disclosure Qca8081 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3616 HIGH This Week

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3610 HIGH PATCH This Week

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-13764 HIGH PATCH This Week

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Gravityforms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-13763 HIGH This Week

In Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13759 HIGH PATCH This Week

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Vm Memory
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-3645 HIGH This Week

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Ipq6018 Firmware Ipq8074 Firmware Kamorta Firmware +20
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4367 HIGH PATCH This Week

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10739 HIGH PATCH This Week

Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-3680 HIGH PATCH This Week

A race condition can occur when using the fastrpc memory mapping API. Rated high severity (CVSS 7.0).

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Msm8909W Firmware +15
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2020-13754 MEDIUM PATCH This Month

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-13775 MEDIUM PATCH This Month

ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Znc Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-13762 MEDIUM This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-13761 MEDIUM This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-4503 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4366 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13401 MEDIUM PATCH This Month

An issue was discovered in Docker Engine before 19.03.11. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Docker Engine Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
6.0
EPSS
2.8%
CVE-2020-4431 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4360 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10136 MEDIUM This Month

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nx Os Ucs Manager Saros X3220Nr Firmware +2
NVD
CVSS 3.1
5.3
EPSS
28.5%
CVE-2020-13659 LOW PATCH Monitor

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Rated low severity (CVSS 2.5).

Null Pointer Dereference Denial Of Service Qemu Debian Linux Leap +1
NVD
CVSS 3.1
2.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy