Skip to main content
CVE-2020-13229 HIGH POC This Week

An issue was discovered in Sysax Multi Server 6.90. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Multi Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-12607 HIGH POC PATCH This Week

An issue was discovered in fastecdsa before 2.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Fastecdsa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7663 HIGH POC PATCH This Week

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Websocket Extensions Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-7662 HIGH POC PATCH This Week

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Websocket Extensions
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-5410 HIGH POC KEV PATCH THREAT This Week

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Spring Cloud Config
NVD GitHub
CVSS 3.1
7.5
EPSS
95.6%
CVE-2020-13760 HIGH This Week

In Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-3630 HIGH PATCH This Week

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +45
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3625 HIGH This Week

When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Sm8250 Firmware Sxr2130 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3623 HIGH This Week

kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Sm8250 Firmware Sxr2130 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3618 HIGH This Week

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Information Disclosure Qca8081 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3616 HIGH This Week

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3610 HIGH PATCH This Week

Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Apq8096Au Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-13764 HIGH PATCH This Week

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Gravityforms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-13763 HIGH This Week

In Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13759 HIGH PATCH This Week

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Vm Memory
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-3645 HIGH This Week

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Ipq6018 Firmware Ipq8074 Firmware Kamorta Firmware +20
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4367 HIGH PATCH This Week

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10739 HIGH PATCH This Week

Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-3680 HIGH PATCH This Week

A race condition can occur when using the fastrpc memory mapping API. Rated high severity (CVSS 7.0).

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Msm8909W Firmware +15
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy