Skip to main content
CVE-2020-17466 CRITICAL POC Act Now

Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Trcwifizone
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-11552 CRITICAL POC Act Now

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Microsoft Manageengine Adselfservice Plus
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.4%
CVE-2020-17487 HIGH POC This Week

radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Radare2 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-16170 HIGH POC This Week

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Temi
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-8918 HIGH POC PATCH This Week

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Go Tpm
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-15071 MEDIUM POC This Month

content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Symphony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-0253 CRITICAL Act Now

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Google Use After Free +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-0252 CRITICAL Act Now

There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Google Use After Free +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-17368 CRITICAL Act Now

Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Firejail Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-8911 MEDIUM POC PATCH This Month

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Oracle Information Disclosure Aws S3 Crypto Sdk
NVD GitHub
CVSS 3.1
5.6
EPSS
0.3%
CVE-2020-15597 MEDIUM POC This Month

SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Soplanning
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-0260 CRITICAL Act Now

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2020-14324 CRITICAL Act Now

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
9.1
EPSS
2.5%
CVE-2020-14325 CRITICAL Act Now

Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Cloudforms
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-7029 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aura Communication Manager Aura Messaging
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-0240 HIGH This Week

In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-13124 HIGH PATCH This Week

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Python Command Injection Sabnzbd
NVD GitHub
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-9079 HIGH This Week

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusionsphere Openstack
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-17489 MEDIUM POC This Month

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnome Shell Ubuntu Linux Debian Linux Leap
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-10783 HIGH This Week

Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Cloudforms
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2020-4486 HIGH This Week

IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-0259 HIGH This Week

In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0257 HIGH This Week

In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0243 HIGH This Week

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0242 HIGH This Week

In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0241 HIGH This Week

In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0108 HIGH This Week

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-14979 HIGH This Week

The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Precision X1 Winring0
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13177 HIGH PATCH This Week

The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-17448 HIGH This Week

Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Telegram Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-17367 HIGH This Week

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Firejail Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-17495 HIGH PATCH This Week

django-celery-results through 1.2.1 stores task results in the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Django Celery Results
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-0254 HIGH This Week

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-0251 HIGH This Week

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-11976 HIGH PATCH This Week

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Information Disclosure Fortress Wicket
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-13175 HIGH This Week

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP Cloud Access Connector Cloud Access Connector Legacy
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-9404 HIGH This Week

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pactware
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-14296 HIGH This Week

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-0238 HIGH This Week

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2020-0256 MEDIUM This Month

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-9244 MEDIUM This Month

HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 20 Pro Firmware Mate 20 X Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-13178 MEDIUM This Month

A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-8912 LOW POC PATCH Monitor

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Oracle Information Disclosure Aws S3 Crypto Sdk
NVD GitHub
CVSS 3.1
2.5
EPSS
0.2%
CVE-2020-10779 MEDIUM This Month

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Red Hat Cloudforms
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4485 MEDIUM This Month

IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-10780 MEDIUM This Month

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-13176 MEDIUM This Month

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Access Connector Cloud Access Connector Legacy
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-13174 MEDIUM PATCH This Month

The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pcoip Management Console
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10778 MEDIUM This Month

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Cloudforms
NVD
CVSS 3.1
6.0
EPSS
0.9%
CVE-2020-0258 MEDIUM This Month

In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy