Skip to main content
CVE-2020-15072 HIGH POC This Week

An issue was discovered in phpList through 3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Phplist
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5764 HIGH POC This Week

MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Path Traversal Mx Player
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-11849 CRITICAL Act Now

Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Identity Manager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-3931 CRITICAL Act Now

Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gv As210 Firmware Gv As410 Firmware Gv As810 Firmware Gv Gf1921 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-15073 MEDIUM POC This Month

An issue was discovered in phpList through 3.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phplist
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-3973 HIGH This Week

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Velocloud Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2034 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
8.1
EPSS
6.6%
CVE-2020-5974 HIGH This Week

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nvidia Jetpack Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6938 HIGH This Week

A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tableau Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-5839 HIGH This Week

Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Endpoint Detection And Response
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11994 HIGH PATCH This Week

Server-Side Template Injection and arbitrary file disclosure on Camel templating components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Camel Communications Diameter Signaling Router Enterprise Manager Base Platform Enterprise Repository
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-2030 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2020-7140 MEDIUM PATCH This Month

A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Icewall Sso Dfw Icewall Sso Dgfw
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2031 MEDIUM This Month

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Integer Overflow Pan Os
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-1982 MEDIUM This Month

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy