Skip to main content
CVE-2020-17487 HIGH POC This Week

radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Radare2 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-16170 HIGH POC This Week

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Temi
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-8918 HIGH POC PATCH This Week

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Go Tpm
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-7029 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aura Communication Manager Aura Messaging
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-0240 HIGH This Week

In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-13124 HIGH PATCH This Week

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Python Command Injection Sabnzbd
NVD GitHub
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-9079 HIGH This Week

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusionsphere Openstack
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-10783 HIGH This Week

Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Cloudforms
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2020-4486 HIGH This Week

IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-0259 HIGH This Week

In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0257 HIGH This Week

In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0243 HIGH This Week

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0242 HIGH This Week

In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0241 HIGH This Week

In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-0108 HIGH This Week

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-14979 HIGH This Week

The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Precision X1 Winring0
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13177 HIGH PATCH This Week

The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Graphics Agent Pcoip Standard Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-17448 HIGH This Week

Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Telegram Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-17367 HIGH This Week

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Firejail Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-17495 HIGH PATCH This Week

django-celery-results through 1.2.1 stores task results in the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Django Celery Results
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-0254 HIGH This Week

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-0251 HIGH This Week

There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-11976 HIGH PATCH This Week

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Information Disclosure Fortress Wicket
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-13175 HIGH This Week

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP Cloud Access Connector Cloud Access Connector Legacy
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-9404 HIGH This Week

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pactware
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-14296 HIGH This Week

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Red Hat Cloudforms Management Engine
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-0238 HIGH This Week

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy