Skip to main content
CVE-2020-11679 HIGH POC This Week

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Nextgen Dvr Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-12851 HIGH POC This Week

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cells
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-13822 HIGH POC PATCH This Week

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Canonical Buffer Overflow Integer Overflow Elliptic
NVD GitHub
CVSS 3.1
7.7
EPSS
2.6%
CVE-2020-7661 HIGH POC This Week

all versions of url-regex are vulnerable to Regular Expression Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Url Regex
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-12847 HIGH POC This Week

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cells
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-11681 HIGH This Week

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nextgen Dvr Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-13813 HIGH This Week

An issue was discovered in Foxit Studio Photo before 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-13812 HIGH This Week

An issue was discovered in Foxit Studio Photo before 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-13811 HIGH This Week

An issue was discovered in Foxit Studio Photo before 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-13692 HIGH PATCH This Week

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PostgreSQL XXE Postgresql Jdbc Driver Quarkus Steelstore Cloud Integrated Storage +2
NVD GitHub
CVSS 3.1
7.7
EPSS
4.1%
CVE-2020-4509 HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2020-13849 HIGH This Week

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mqtt
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-13848 HIGH PATCH This Week

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libupnp Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-13836 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Path Traversal Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-13834 HIGH This Week

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-13830 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-13829 HIGH This Week

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2020-13815 HIGH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13810 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-13809 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13808 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13807 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13806 HIGH PATCH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13803 HIGH PATCH This Week

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Phantompdf Reader
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-13818 HIGH This Week

In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Path Traversal Manageengine Opmanager
NVD
CVSS 3.1
7.5
EPSS
37.0%
CVE-2020-13817 HIGH PATCH This Week

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Ntp Cloud Backup Clustered Data Ontap Data Ontap +21
NVD
CVSS 3.1
7.4
EPSS
4.1%
CVE-2020-13777 HIGH This Week

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gnutls Fedora Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.4
EPSS
17.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy