Skip to main content
CVE-2020-17463 CRITICAL POC KEV THREAT Act Now

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuel Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-16087 HIGH POC This Week

An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Zalo Desktop
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2020-24346 HIGH POC This Week

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption Nginx Njs
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-24345 HIGH POC This Week

{new new Proxy(a,{})}JSON.parse("[]",a). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24343 HIGH POC This Week

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Mujs
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24342 HIGH POC PATCH This Week

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Lua Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-24331 HIGH POC PATCH This Week

An issue was discovered in TrouSerS through 0.3.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Trousers Fedora
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24330 HIGH POC PATCH This Week

An issue was discovered in TrouSerS through 0.3.14. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Trousers Fedora
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-16303 HIGH POC This Week

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-7360 HIGH POC This Week

An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Smartcontrol
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-24344 HIGH POC This Week

{a=arguments}){const arguments}) buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-17498 MEDIUM POC PATCH This Month

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Leap Zfs Storage Appliance Kit
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2020-13280 MEDIUM POC This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4589 CRITICAL Act Now

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE IBM Deserialization Websphere Application Server
NVD
CVSS 3.1
9.8
EPSS
8.5%
CVE-2020-24349 MEDIUM POC This Month

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption Nginx Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-24348 MEDIUM POC This Month

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-24347 MEDIUM POC This Month

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-24332 MEDIUM POC PATCH This Month

An issue was discovered in TrouSerS through 0.3.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Trousers Fedora
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-17538 MEDIUM POC This Month

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16310 MEDIUM POC This Month

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16309 MEDIUM POC This Month

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16308 MEDIUM POC This Month

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16307 MEDIUM POC This Month

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16306 MEDIUM POC This Month

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16305 MEDIUM POC This Month

A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16304 MEDIUM POC This Month

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16302 MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16301 MEDIUM POC This Month

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16300 MEDIUM POC This Month

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16299 MEDIUM POC This Month

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16298 MEDIUM POC This Month

A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16297 MEDIUM POC PATCH This Month

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16296 MEDIUM POC This Month

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2020-16295 MEDIUM POC This Month

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16294 MEDIUM POC This Month

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16293 MEDIUM POC This Month

A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16292 MEDIUM POC This Month

A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16291 MEDIUM POC PATCH This Month

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16290 MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16289 MEDIUM POC This Month

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16288 MEDIUM POC This Month

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16287 MEDIUM POC This Month

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-15947 HIGH This Week

A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Queuemetrics
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-15925 HIGH This Week

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Queuemetrics
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-8732 HIGH This Week

Heap-based buffer overflow in the firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Memory Corruption Server Board S2600Wt Firmware +17
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-8731 HIGH This Week

Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Server Board S2600Wt Firmware Server System R1000Wt Firmware Server System R2000Wt Firmware +15
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-8730 HIGH This Week

Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Memory Corruption Server Board S2600Wt Firmware +17
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-8718 HIGH This Week

Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Server Board S2600Wt Firmware Server System R1000Wt Firmware +16
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-8713 HIGH This Week

Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Server Board S2600Wt Firmware Server System R1000Wt Firmware +16
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-8709 HIGH This Week

Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Server Board S2600Wt Firmware Server System R1000Wt Firmware +16
NVD
CVSS 3.1
8.8
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy