Skip to main content
CVE-2020-24373 HIGH POC This Week

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Freebox Revolution Firmware Freebox Mini Firmware Freebox One Firmware Freebox Delta Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-6146 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Nitro Pro
NVD
CVSS 3.1
8.8
EPSS
78.5%
CVE-2020-13259 HIGH POC This Week

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Secflow 1V Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.7%
CVE-2020-24889 HIGH POC This Week

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libraw
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-25559 HIGH POC This Week

gnuplot 5.5 is affected by double free when executing print_set_output. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gnuplot
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-7733 HIGH POC PATCH This Week

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ua Parser Js Communications Cloud Native Core Network Function Cloud Native Environment
NVD GitHub
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-25040 HIGH PATCH This Week

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-14306 HIGH PATCH This Week

An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Istio Operator
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-7530 HIGH This Week

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Scadapack 7X Remote Connect
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-2276 HIGH This Week

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Selection Tasks
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-2268 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins MongoDB
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-2261 HIGH PATCH This Week

Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Jenkins Perfecto
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-4409 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

IBM Open Redirect Control Desk Maximo Asset Configuration Manager Maximo Asset Health Insights +17
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2020-25039 HIGH PATCH This Week

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-7532 HIGH This Week

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Scadapack X70 Security Administrator
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-7531 HIGH This Week

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Scadapack 7X Remote Connect
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-7528 HIGH This Week

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Scadapack 7X Remote Connect
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-14382 HIGH PATCH This Week

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cryptsetup Enterprise Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-14386 HIGH PATCH This Week

A flaw was found in the Linux kernel before 5.9-rc4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Privilege Escalation Buffer Overflow Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-16233 HIGH This Week

An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Codemeter
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-14519 HIGH This Week

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Codemeter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-14515 HIGH This Week

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Codemeter
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-14513 HIGH This Week

CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Codemeter
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10718 HIGH This Week

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Fuse Wildfly
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-1748 HIGH PATCH This Week

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Wildfly Elytron Decision Manager Process Automation
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10758 HIGH PATCH This Week

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Keycloak Openshift Application Runtimes Single Sign On
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-6781 HIGH This Week

Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Smart Home
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2020-10733 HIGH This Week

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL RCE Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-14393 HIGH PATCH This Week

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Database Interface Leap Debian Linux +1
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy