Skip to main content
CVE-2020-15012 HIGH PATCH This Week

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus Repository Manager
NVD
CVSS 3.1
8.6
EPSS
2.6%
CVE-2020-4388 HIGH PATCH This Week

IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Cognos Analytics
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-4779 HIGH This Week

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-4772 HIGH This Week

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Denial Of Service IBM XXE Curam Social Program Management
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-26868 HIGH This Week

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pcvue
NVD VulDB
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-26869 HIGH This Week

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pcvue
NVD VulDB
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-9123 HIGH This Week

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Huawei P30 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-9090 HIGH This Week

FusionAccess version 6.5.1 has an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fusionaccess
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7811 HIGH This Week

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Deserialization Update
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-4302 HIGH PATCH This Week

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE IBM Cognos Analytics
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-26546 HIGH This Week

An issue was discovered in HelpDeskZ 1.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Helpdeskz
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-25825 HIGH This Week

In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-4778 HIGH This Week

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4776 HIGH This Week

A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Curam Social Program Management
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-5140 HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5139 HIGH This Week

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5138 HIGH This Week

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5137 HIGH This Week

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-5133 HIGH This Week

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy