Skip to main content
CVE-2020-8174 HIGH POC PATCH This Week

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Node Js Banking Extensibility Workbench Blockchain Platform Mysql Cluster +5
NVD
CVSS 3.1
8.1
EPSS
7.6%
CVE-2020-15924 HIGH POC This Week

There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Eframework
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-15923 HIGH POC This Week

Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Eframework
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-15778 HIGH POC THREAT This Week

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Openssh A700S Firmware Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
7.4
EPSS
13.0%
CVE-2020-8207 HIGH This Week

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE Authentication Bypass Citrix +1
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-15932 HIGH This Week

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Overwolf
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-10610 HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pi Api Pi Buffer Subsystem Pi Connector +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10608 HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Pi Api Pi Buffer Subsystem Pi Connector +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-10606 HIGH This Week

In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Pi Api Pi Buffer Subsystem Pi Connector +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8326 HIGH This Week

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8317 HIGH This Week

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10600 HIGH This Week

An authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Pi Data Archive
NVD
CVSS 3.1
7.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy