Skip to main content
CVE-2020-12460 CRITICAL POC Act Now

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Opendmarc Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-8558 HIGH POC PATCH This Week

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-12845 HIGH POC This Week

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cherokee
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-7694 HIGH POC PATCH This Week

This affects all versions of package uvicorn. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Uvicorn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-15953 HIGH POC This Week

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Libetpan Mailcore2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.4
EPSS
2.4%
CVE-2020-11110 MEDIUM POC PATCH This Month

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grafana E Series Performance Analyzer
NVD GitHub
CVSS 3.1
5.4
EPSS
9.6%
CVE-2020-7695 MEDIUM POC PATCH This Month

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uvicorn
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-5611 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Social Sharing
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-1457 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10
NVD
CVSS 3.1
7.8
EPSS
12.3%
CVE-2020-1425 HIGH PATCH This Week

A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10
NVD
CVSS 3.1
7.8
EPSS
9.0%
CVE-2020-15593 HIGH This Week

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Steelcentral Aternity Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10609 HIGH This Week

Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cim 500
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-15592 HIGH This Week

SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Path Traversal Steelcentral Aternity Agent
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-7017 MEDIUM This Month

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Elastic Kibana Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2020-15954 MEDIUM This Month

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kmail Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12880 MEDIUM This Month

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-10643 MEDIUM This Month

An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pi Vision
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-15120 MEDIUM PATCH This Month

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass I Hate Money
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-7016 MEDIUM PATCH This Month

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Elastic Denial Of Service Kibana Communications Billing And Revenue Management Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-4408 MEDIUM PATCH This Month

The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Qradar Advisory
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-4498 MEDIUM PATCH This Month

IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-4405 MEDIUM PATCH This Month

IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Verify Gateway
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-15103 LOW PATCH Monitor

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Freerdp Fedora Leap Ubuntu Linux +1
NVD GitHub
CVSS 3.1
3.5
EPSS
1.5%
CVE-2020-9077 LOW Monitor

HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Information Disclosure P30 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2020-9251 LOW Monitor

HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass P30 Firmware
NVD
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy