Skip to main content
CVE-2020-25223 CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE Command Injection Unified Threat Management
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2020-15196 CRITICAL POC PATCH Act Now

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.9
EPSS
0.9%
CVE-2020-15208 CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-15205 CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-25132 CRITICAL POC Act Now

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Observium
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-13995 CRITICAL POC Act Now

U.S. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Nitf Extract Utility
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-15207 CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow RCE Python Tensorflow Leap
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-15202 CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-25147 CRITICAL Act Now

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Observium
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-15374 CRITICAL Act Now

Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15373 CRITICAL Act Now

Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-15371 CRITICAL Act Now

Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-15394 CRITICAL Act Now

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi RCE Manageengine Applications Manager
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2020-26108 CRITICAL Act Now

cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-26105 CRITICAL Act Now

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-26101 CRITICAL Act Now

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-26100 CRITICAL Act Now

chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-26098 CRITICAL Act Now

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-25749 CRITICAL Act Now

The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rv 3406 Firmware Rv 3409 Firmware Rv 3411 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-11805 CRITICAL Act Now

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity Reverse Proxy And Turn Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24594 CRITICAL Act Now

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Micloud Management Portal
NVD
CVSS 3.1
9.6
EPSS
1.7%
CVE-2020-25747 CRITICAL Act Now

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rv 3406 Firmware Rv 3409 Firmware Rv 3411 Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy