Skip to main content
CVE-2020-26867 CRITICAL Act Now

ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Pcvue
NVD VulDB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-5135 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
9.8
EPSS
26.9%
CVE-2020-15250 MEDIUM POC PATCH This Month

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Junit4 Debian Linux Pluto +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2020-15012 HIGH PATCH This Week

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
8.6
EPSS
2.6%
CVE-2020-4388 HIGH PATCH This Week

IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Cognos Analytics
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-4779 HIGH This Week

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-4772 HIGH This Week

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Denial Of Service IBM XXE Curam Social Program Management
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-26868 HIGH This Week

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pcvue
NVD VulDB
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-26869 HIGH This Week

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pcvue
NVD VulDB
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-9123 HIGH This Week

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Huawei P30 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-9090 HIGH This Week

FusionAccess version 6.5.1 has an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fusionaccess
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7811 HIGH This Week

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Deserialization Update
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-4302 HIGH PATCH This Week

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE IBM Cognos Analytics
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-26546 HIGH This Week

An issue was discovered in HelpDeskZ 1.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Helpdeskz
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25825 HIGH This Week

In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-4778 HIGH This Week

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4776 HIGH This Week

A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Curam Social Program Management
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-5140 HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5139 HIGH This Week

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5138 HIGH This Week

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5137 HIGH This Week

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5133 HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-4689 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to CVS Injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Security Guardium
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2020-9238 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Taurus An00B Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-9230 MEDIUM This Month

WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ws5800 10 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-9122 MEDIUM This Month

Some Huawei products have an insufficient input verification vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hirouter Cd30 10 Firmware Hirouter Ct31 10 Firmware Ws5200 12 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-4781 MEDIUM This Month

An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service IBM Curam Social Program Management
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-4773 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Curam Social Program Management
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-5141 MEDIUM This Month

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-5136 MEDIUM This Month

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5134 MEDIUM This Month

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-12670 MEDIUM This Month

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmin
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5142 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sonicos Sonicosv
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-9240 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Taurus An00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9108 MEDIUM This Month

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9107 MEDIUM This Month

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9091 MEDIUM This Month

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Taurus An00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-9087 MEDIUM This Month

Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Taurus Al00A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-8821 MEDIUM This Month

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webmin
NVD
CVSS 3.1
5.4
EPSS
82.1%
CVE-2020-8820 MEDIUM This Month

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webmin
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4741 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4681 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4680 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4775 MEDIUM This Month

A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4774 MEDIUM This Month

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-14184 MEDIUM This Month

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Jira Server
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4780 MEDIUM This Month

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-4699 MEDIUM This Month

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-4661 MEDIUM This Month

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-4660 MEDIUM This Month

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Security Access Manager Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy