Skip to main content
CVE-2020-25223 CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE Command Injection Unified Threat Management
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2020-15196 CRITICAL POC PATCH Act Now

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.9
EPSS
0.9%
CVE-2020-15208 CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-15205 CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-25132 CRITICAL POC Act Now

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Observium
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-13995 CRITICAL POC Act Now

U.S. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Nitf Extract Utility
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-15207 CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow RCE Python Tensorflow Leap
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-15202 CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-15195 HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-25136 HIGH POC This Week

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Observium
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-24621 HIGH POC PATCH This Week

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Htmlformentry
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-23837 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Multi User
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-15212 HIGH POC PATCH This Week

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2020-24718 HIGH POC This Week

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Intel Authentication Bypass Freebsd Omnios Openindiana +1
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-15214 HIGH POC PATCH This Week

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Memory Corruption Tensorflow
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-15206 HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15203 HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15193 HIGH POC PATCH This Week

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Python Tensorflow Leap
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-15210 MEDIUM POC PATCH This Month

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-25130 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Observium
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-15197 MEDIUM POC PATCH This Month

In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-25148 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-25146 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-25141 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25139 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25138 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25137 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25135 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25131 MEDIUM POC This Month

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Observium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15209 MEDIUM POC PATCH This Month

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-15200 MEDIUM POC PATCH This Month

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-15199 MEDIUM POC PATCH This Month

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-25147 CRITICAL Act Now

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Observium
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-15374 CRITICAL Act Now

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15373 CRITICAL Act Now

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-15371 CRITICAL Act Now

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-15394 CRITICAL Act Now

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi RCE Manageengine Applications Manager
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2020-26108 CRITICAL Act Now

cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-26105 CRITICAL Act Now

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-26101 CRITICAL Act Now

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-26100 CRITICAL Act Now

chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-26098 CRITICAL Act Now

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-25749 CRITICAL Act Now

The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rv 3406 Firmware Rv 3409 Firmware Rv 3411 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-11805 CRITICAL Act Now

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity Reverse Proxy And Turn Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24594 CRITICAL Act Now

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Micloud Management Portal
NVD
CVSS 3.1
9.6
EPSS
1.7%
CVE-2020-25203 MEDIUM POC This Month

The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Framer Preview
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-15198 MEDIUM POC PATCH This Month

In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-25747 CRITICAL Act Now

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rv 3406 Firmware Rv 3409 Firmware Rv 3411 Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
1.8%
CVE-2020-15204 MEDIUM POC PATCH This Month

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15194 MEDIUM POC PATCH This Month

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy