Skip to main content
CVE-2020-24978 CRITICAL POC Act Now

In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-23834 HIGH POC This Week

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Barracudadrive
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24659 HIGH POC This Week

An issue was discovered in GnuTLS before 3.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls Fedora Leap +1
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-24986 HIGH POC This Week

Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-14008 HIGH POC THREAT This Week

Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho RCE Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
35.8%
CVE-2020-24977 MEDIUM POC PATCH This Month

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libxml2 Debian Linux Fedora +15
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2020-24987 CRITICAL Act Now

Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda RCE Authentication Bypass Ac18 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-7730 CRITICAL PATCH Act Now

The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Bestzip
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-25023 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-25022 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-25021 CRITICAL PATCH Act Now

An issue was discovered in Noise-Java through 2020-08-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Java Information Disclosure Noise Java
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-1911 CRITICAL PATCH Act Now

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-24963 MEDIUM POC This Month

An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Best Support System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-24981 MEDIUM POC This Month

An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ucms
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-12248 HIGH This Week

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3495 HIGH This Week

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Jabber
NVD
CVSS 3.1
8.8
EPSS
62.1%
CVE-2020-3430 HIGH This Week

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Cisco Command Injection Jabber
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-3530 HIGH This Week

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xr
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2020-11493 HIGH This Week

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-3478 HIGH This Week

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-4545 HIGH This Week

IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE IBM Aspera Connect
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-3473 HIGH This Week

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-24941 HIGH PATCH This Week

An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Laravel
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-24940 HIGH PATCH This Week

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Laravel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-12247 HIGH This Week

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
7.1
EPSS
3.6%
CVE-2020-3453 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv340W Firmware Rv340 Firmware Rv345 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
3.1%
CVE-2020-3545 MEDIUM This Month

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Firepower Extensible Operating System
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-4632 MEDIUM This Month

IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Infosphere Metadata Asset Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-3547 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asyncos
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-3498 MEDIUM This Month

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Jabber
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-3365 MEDIUM This Month

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-3537 MEDIUM This Month

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Jabber
NVD
CVSS 3.1
5.7
EPSS
1.3%
CVE-2020-4702 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3546 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asyncos
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3542 MEDIUM This Month

A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Webex Training
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-7119 MEDIUM This Month

A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Information Disclosure Analytics And Location Engine
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2020-3451 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv340W Firmware Rv340 Firmware Rv345 Firmware +1
NVD
CVSS 3.1
4.7
EPSS
2.2%
CVE-2020-3541 MEDIUM This Month

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Webex Meetings Webex Teams
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-7299 MEDIUM This Month

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges. Rated medium severity (CVSS 4.1). No vendor patch available.

Microsoft Information Disclosure True Key
NVD
CVSS 3.1
4.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy