Skip to main content
CVE-2020-15531 HIGH POC This Week

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Bluetooth Low Energy Software Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-15146 HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-15143 HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-13826 HIGH POC This Week

A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection I Doit
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-16282 HIGH This Week

In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Rangeeos
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-10289 HIGH PATCH This Week

Use of unsafe yaml load. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Robot Operating System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15635 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-15151 HIGH PATCH This Week

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Adobe CSRF Openmage Long Term Support Magento
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2020-16281 HIGH This Week

The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Rangeeos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8870 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
5.0%
CVE-2020-8869 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
5.0%
CVE-2020-15862 HIGH PATCH This Week

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux Cloud Backup Hci Management Node +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15861 HIGH PATCH This Week

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux Cloud Backup Smi S Provider +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15638 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
6.1%
CVE-2020-15630 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2020-15629 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
6.3%
CVE-2020-24359 HIGH PATCH This Week

HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Ssh Helper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy