Skip to main content
CVE-2020-13383 HIGH POC PATCH THREAT Act Now

openSIS through 7.4 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Opensis
NVD GitHub
CVSS 3.1
7.5
EPSS
69.6%
CVE-2020-7688 HIGH POC PATCH This Week

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Mversion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-6089 HIGH POC This Week

An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Leadtools
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-15478 HIGH POC This Week

The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Journal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.7%
CVE-2020-15476 HIGH POC PATCH This Week

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Oracle Information Disclosure Ndpi Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5904 HIGH This Week

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-5900 HIGH This Week

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nginx Nginx Controller
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-5906 HIGH This Week

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-12498 HIGH This Week

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Pc Worx Pc Worx Express
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-12497 HIGH This Week

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Pc Worx Pc Worx Express
NVD
CVSS 3.1
7.8
EPSS
14.7%
CVE-2020-5899 HIGH This Week

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Controller
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-4363 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE IBM Microsoft Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8663 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-4420 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Microsoft Db2
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-12605 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-12604 HIGH PATCH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-7689 HIGH PATCH This Week

Data is truncated wrong when its length is greater than 255 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Node Bcrypt Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12603 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-14167 HIGH This Week

The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Denial Of Service Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5907 HIGH This Week

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy