Skip to main content
CVE-2020-2038 HIGH POC THREAT Act Now

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Paloalto Command Injection Pan Os
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
86.1%
CVE-2020-13127 HIGH POC This Week

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Queuemetrics
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-2036 HIGH POC THREAT This Week

A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-25219 HIGH POC This Week

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libproxy Debian Linux Fedora Leap +1
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-6318 HIGH POC This Week

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection SAP Abap Platform
NVD
CVSS 3.1
7.2
EPSS
5.6%
CVE-2020-14342 HIGH POC PATCH This Week

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Cifs Utils Fedora Leap
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2020-7319 HIGH This Week

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-15163 HIGH PATCH This Week

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python Authentication Bypass The Update Framework
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-1913 HIGH PATCH This Week

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Hermes
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-1912 HIGH PATCH This Week

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2020-15789 HIGH This Week

A vulnerability has been identified in Polarion Subversion Webclient (All versions). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Polarion Subversion Webclient
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-6320 HIGH This Week

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Marketing
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-6302 HIGH This Week

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP Session Fixation Information Disclosure Commerce
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-10056 HIGH This Week

A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation License Management Utility
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10051 HIGH This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Simatic Rtls Locating Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-10050 HIGH This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Simatic Rtls Locating Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7325 HIGH This Week

Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mvision Endpoint
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3656 HIGH PATCH This Week

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Kamorta Firmware Mdm9607 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11129 HIGH This Week

u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Information Disclosure Bitra Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11124 HIGH PATCH This Week

u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Memory Corruption Information Disclosure Mdm9607 Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-2041 HIGH This Week

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Pan Os
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-24566 HIGH This Week

In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-1749 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Enterprise Linux Enterprise Mrg
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14384 HIGH This Week

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Jboss Enterprise Application Platform Jbossweb
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11135 HIGH This Week

u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8098 Firmware Kamorta Firmware Msm8917 Firmware +24
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-10049 HIGH This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Simatic Rtls Locating Manager
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2020-7320 HIGH This Week

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2020-2042 HIGH This Week

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Paloalto Pan Os
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-2037 HIGH This Week

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
3.6%
CVE-2020-3617 HIGH This Week

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Kamorta Firmware Nicobar Firmware Qcs605 Firmware +13
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-25212 HIGH PATCH This Week

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in. Rated high severity (CVSS 7.0).

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy