Skip to main content
CVE-2020-13445 HIGH POC PATCH This Week

In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Liferay Portal
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-7672 HIGH POC This Week

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mosc
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-13900 HIGH POC PATCH This Week

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-13899 HIGH POC PATCH This Week

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13898 HIGH POC PATCH This Week

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Janus
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-13905 HIGH This Week

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irfanview
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-2026 HIGH PATCH This Week

A malicious guest compromised before a container creation (e.g. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Runtime Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13270 HIGH This Week

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6271 HIGH This Week

SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Solution Manager
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2020-6268 HIGH This Week

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp Ea Finserv Erp S4Core
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-13906 HIGH This Week

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irfanview
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-0118 HIGH PATCH This Week

In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0115 HIGH PATCH This Week

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0114 HIGH PATCH This Week

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7586 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Simatic Pcs 7 Simatic Process Device Manager Simatic Step 7 +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7585 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Process Device Manager Simatic Step 7 Sinamics Starter
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7280 HIGH This Week

Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Virusscan Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7279 HIGH This Week

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Host Intrusion Prevention
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-13238 HIGH This Week

Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Iq R00Cpu Firmware Melsec Iq R01Cpu Firmware Melsec Iq R02Cpu Firmware Melsec Iq R04Cpu Firmware +17
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-11622 HIGH This Week

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudeos Veos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-10705 HIGH PATCH This Week

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Undertow Oncommand Insight Jboss Enterprise Application Platform Openshift Application Runtimes
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13223 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7671 HIGH This Week

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Goliath
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7670 HIGH This Week

agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Agoo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-6264 HIGH This Week

SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-4436 HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-4435 HIGH This Week

Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Memory Corruption Aspera Application Platform On Demand +9
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4434 HIGH This Week

Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-4433 HIGH This Week

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Aspera Application Platform On Demand Aspera Faspex On Demand +8
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-4432 HIGH This Week

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Aspera Application Platform On Demand Aspera Faspex On Demand Aspera High Speed Transfer Endpoint +7
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-2029 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-2028 HIGH This Week

An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2020-2027 HIGH This Week

A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-2032 HIGH This Week

A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Paloalto Microsoft Information Disclosure Globalprotect
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy