Skip to main content
CVE-2020-24057 HIGH POC This Week

The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection S5120Fd Firmware
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2020-24574 HIGH POC This Week

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Authentication Bypass Galaxy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-24567 HIGH POC This Week

voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Everything
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-9063 HIGH POC This Week

NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Aptra Xfs
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2020-24056 HIGH POC This Week

A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 5620Ptz Firmware 4320 Firmware S5120Fd Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-24053 HIGH POC This Week

Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-24571 HIGH POC THREAT This Week

NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nexusdb
NVD
CVSS 3.1
7.5
EPSS
18.0%
CVE-2020-15309 HIGH POC This Week

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-5417 HIGH This Week

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15070 HIGH This Week

Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PostgreSQL Zulip Server
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15147 HIGH PATCH This Week

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Red Discord Bot
NVD GitHub
CVSS 3.1
8.5
EPSS
2.0%
CVE-2020-10126 HIGH This Week

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Aptra Xfs
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2020-10125 HIGH This Week

NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Aptra Xfs
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2020-8623 HIGH This Week

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Leap Debian Linux +3
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2020-8621 HIGH This Week

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Ubuntu Linux Dns Server +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-8620 HIGH This Week

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Steelstore Cloud Integrated Storage Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-12457 HIGH PATCH This Week

An issue was discovered in wolfSSL before 4.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-14215 HIGH This Week

Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zulip Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-10124 HIGH This Week

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

RCE Authentication Bypass Aptra Xfs
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-5774 HIGH PATCH This Week

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Nessus
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy