Skip to main content
CVE-2020-15518 HIGH POC This Week

VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Veeam Availability Suite Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-10282 CRITICAL Act Now

The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Micro Air Vehicle Link
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-14172 CRITICAL Act Now

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Deserialization Jira Jira Software Data Center
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7283 HIGH This Week

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Total Protection
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-7284 HIGH This Week

Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network Security Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10281 HIGH This Week

This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micro Air Vehicle Link
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-7282 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Total Protection
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-7281 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Total Protection
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2020-14173 MEDIUM This Month

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Atlassian Jira Jira Data Center +2
NVD
CVSS 3.1
5.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy