Skip to main content
CVE-2020-14295 HIGH POC THREAT Act Now

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cacti Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
86.3%
CVE-2020-11896 CRITICAL POC THREAT Act Now

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Tcp Ip
NVD
CVSS 3.1
10.0
EPSS
37.0%
CVE-2020-11898 CRITICAL POC THREAT Act Now

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tcp Ip
NVD
CVSS 3.1
9.1
EPSS
18.7%
CVE-2020-11901 CRITICAL POC THREAT Act Now

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Information Disclosure Tcp Ip
NVD
CVSS 3.1
9.0
EPSS
21.1%
CVE-2020-13224 HIGH POC This Week

TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Nc200 Firmware Nc210 Firmware Nc220 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-11900 HIGH POC THREAT This Week

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcp Ip
NVD
CVSS 3.1
8.2
EPSS
12.8%
CVE-2020-14157 HIGH POC This Week

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secvest Wireless Control Fube50001 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-9332 HIGH POC This Week

ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Usb For Remote Desktop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-11904 HIGH POC This Week

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Tcp Ip
NVD
CVSS 3.1
7.3
EPSS
3.2%
CVE-2020-11902 HIGH POC This Week

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip
NVD
CVSS 3.1
7.3
EPSS
9.3%
CVE-2020-12827 HIGH POC PATCH This Week

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mjml
NVD GitHub
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-11905 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-11903 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-11907 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcp Ip
NVD
CVSS 3.1
6.3
EPSS
2.0%
CVE-2020-11906 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
CVSS 3.1
6.3
EPSS
2.0%
CVE-2020-14408 MEDIUM POC This Month

An issue was discovered in Agentejo Cockpit 0.10.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cockpit
NVD GitHub
CVSS 3.1
6.1
EPSS
3.0%
CVE-2020-11897 CRITICAL Act Now

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Tcp Ip
NVD
CVSS 3.1
10.0
EPSS
9.1%
CVE-2020-11899 MEDIUM POC KEV THREAT This Month

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip Wyse 5050 All In One Firmware Wyse 7030 Firmware +1
NVD
CVSS 3.1
5.4
EPSS
18.6%
CVE-2020-11913 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip
NVD
CVSS 3.1
5.3
EPSS
3.4%
CVE-2020-11912 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip
NVD
CVSS 3.1
5.3
EPSS
4.5%
CVE-2020-11911 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcp Ip
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-11910 MEDIUM POC THREAT This Month

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip
NVD
CVSS 3.1
5.3
EPSS
10.9%
CVE-2020-11909 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
CVSS 3.1
5.3
EPSS
3.6%
CVE-2020-11914 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcp Ip
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-11908 MEDIUM POC This Month

The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcp Ip
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2020-6869 HIGH This Week

All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ztemarket Apk
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-14040 HIGH PATCH This Week

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Text Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-13637 HIGH This Week

An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Apple Stashcat
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-14400 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-14399 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-14398 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libvncserver Ubuntu Linux Debian Linux Simatic Itc1500 Firmware +6
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-14397 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libvncserver Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-14396 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-14405 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libvncserver Ubuntu Linux Debian Linux Simatic Itc1500 Firmware +5
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-14401 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Libvncserver Debian Linux Leap +6
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-7932 MEDIUM PATCH This Month

OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Omero Web
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2020-14404 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-14403 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-14402 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-4532 MEDIUM This Month

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-8619 MEDIUM This Month

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Leap Debian Linux +2
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2020-8618 MEDIUM This Month

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Steelstore Cloud Integrated Storage Ubuntu Linux
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2020-6752 LOW Monitor

In OMERO before 5.6.1, group owners can access members' data in other groups. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Omero
NVD
CVSS 3.1
3.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy