Skip to main content
CVE-2020-14162 HIGH POC This Week

An issue was discovered in Pi-Hole through 5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pi Hole
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-12620 HIGH POC This Week

Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pi Hole
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-8218 HIGH POC KEV THREAT This Week

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
7.2
EPSS
32.7%
CVE-2020-10713 HIGH This Week

A flaw was found in grub2, prior to version 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Grub2 Debian Linux Leap +1
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2020-8206 HIGH This Week

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Connect Secure Pulse Connect Secure Policy Secure +1
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2020-7829 HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-7828 HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-7827 HIGH This Week

DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-3701 HIGH This Week

Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Denial Of Service Memory Corruption Saipan Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-5610 HIGH This Week

Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Global Techstream
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-16162 HIGH This Week

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rpki Validator 3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15131 HIGH PATCH This Week

In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slp Validate
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15130 HIGH PATCH This Week

In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Slpjs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15957 HIGH PATCH This Week

An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Dp3T Backend Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4185 HIGH PATCH This Week

IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-3700 HIGH PATCH This Week

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8096Au Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-16164 HIGH PATCH This Week

An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Rpki Validator 3
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2020-8219 HIGH This Week

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connect Secure Pulse Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
7.2
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy