Skip to main content
CVE-2020-25614 CRITICAL POC PATCH Act Now

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Xmlquery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-25412 CRITICAL POC Act Now

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gnuplot
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14315 CRITICAL POC Act Now

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Bsdiff
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-24377 CRITICAL POC Act Now

A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freebox Revolution Firmware Freebox Mini Firmware Freebox One Firmware Freebox Delta Firmware +1
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2020-24374 CRITICAL POC Act Now

A DNS rebinding vulnerability in Freebox v5 before 1.5.29. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freebox Hd Firmware
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2020-24373 HIGH POC This Week

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Freebox Revolution Firmware Freebox Mini Firmware Freebox One Firmware Freebox Delta Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-6146 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Nitro Pro
NVD
CVSS 3.1
8.8
EPSS
78.5%
CVE-2020-13259 HIGH POC This Week

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Secflow 1V Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.7%
CVE-2020-24889 HIGH POC This Week

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libraw
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-25559 HIGH POC This Week

gnuplot 5.5 is affected by double free when executing print_set_output. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gnuplot
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-7733 HIGH POC PATCH This Week

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ua Parser Js Communications Cloud Native Core Network Function Cloud Native Environment
NVD GitHub
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-25015 MEDIUM POC This Month

A specific router allows changing the Wi-Fi password remotely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Platinum 4410 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
3.1%
CVE-2020-14517 CRITICAL Act Now

Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Codemeter
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-14509 CRITICAL Act Now

Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Codemeter
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-24376 CRITICAL Act Now

A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freebox Revolution Firmware Freebox Mini Firmware Freebox One Firmware Freebox Delta Firmware +1
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-24890 MEDIUM POC This Month

libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Null Pointer Dereference Denial Of Service Libraw
NVD GitHub
CVSS 3.1
5.5
EPSS
1.6%
CVE-2020-25040 HIGH PATCH This Week

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-14306 HIGH PATCH This Week

An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Istio Operator
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-7530 HIGH This Week

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Scadapack 7X Remote Connect
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-2276 HIGH This Week

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Selection Tasks
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-2268 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins MongoDB
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2261 HIGH PATCH This Week

Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Perfecto
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-4409 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

IBM Open Redirect Control Desk Maximo Asset Configuration Manager Maximo Asset Health Insights +17
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2020-25039 HIGH PATCH This Week

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-7532 HIGH This Week

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Scadapack X70 Security Administrator
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-7531 HIGH This Week

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Scadapack 7X Remote Connect
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-7528 HIGH This Week

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Scadapack 7X Remote Connect
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-14382 HIGH PATCH This Week

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cryptsetup Enterprise Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-14386 HIGH PATCH This Week

A flaw was found in the Linux kernel before 5.9-rc4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Privilege Escalation Buffer Overflow Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-16233 HIGH This Week

An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Codemeter
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-14519 HIGH This Week

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Codemeter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-14515 HIGH This Week

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Codemeter
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-14513 HIGH This Week

CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Codemeter
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10718 HIGH This Week

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Fuse Wildfly
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-1748 HIGH PATCH This Week

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Wildfly Elytron Decision Manager Process Automation
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10758 HIGH PATCH This Week

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Keycloak Openshift Application Runtimes Single Sign On
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-6781 HIGH This Week

Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Smart Home
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-10733 HIGH This Week

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL RCE Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-14393 HIGH PATCH This Week

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Database Interface Leap Debian Linux +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-3980 MEDIUM This Month

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3990 MEDIUM This Month

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Microsoft Information Disclosure Horizon Client +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-2278 MEDIUM This Month

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Storable Configs
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-2277 MEDIUM This Month

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Storable Configs
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-2275 MEDIUM This Month

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Copy Data To Workspace
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-2254 MEDIUM PATCH This Month

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Blue Ocean
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-13928 MEDIUM PATCH This Month

Apache Atlas before 2.1.0 contain a XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Atlas
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2020-10748 MEDIUM PATCH This Month

A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Keycloak Single Sign On
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-3988 MEDIUM This Month

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Microsoft Information Disclosure Horizon Client +2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-3987 MEDIUM This Month

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Microsoft Information Disclosure Horizon Client +2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-3986 MEDIUM This Month

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Microsoft Information Disclosure Horizon Client +2
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy