Skip to main content
CVE-2020-7384 HIGH POC THREAT Act Now

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Metasploit
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
30.6%
CVE-2020-27655 CRITICAL POC Act Now

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2020-27998 CRITICAL POC PATCH Act Now

An issue was discovered in FastReport before 2020.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fastreport
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-27744 CRITICAL POC Act Now

An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-27654 CRITICAL POC Act Now

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-7746 CRITICAL POC PATCH Act Now

This affects the package chart.js before 2.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Chart Js
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-27649 CRITICAL POC Act Now

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2020-27648 CRITICAL POC Act Now

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Skynas Firmware
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2020-27996 HIGH POC PATCH This Week

An issue was discovered in SmartStoreNET before 4.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Smartstorenet
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-27653 HIGH POC This Week

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager Diskstation Manager
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2020-27652 HIGH POC This Week

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Skynas Firmware
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2020-27651 HIGH POC This Week

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-25780 HIGH POC This Week

In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Commcell
NVD
CVSS 3.1
7.5
EPSS
9.9%
CVE-2020-27885 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Api Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-27658 MEDIUM POC This Month

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-27657 MEDIUM POC This Month

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-27886 CRITICAL PATCH Act Now

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-27995 CRITICAL Act Now

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi Manageengine Applications Manager
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2020-11486 CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nvidia Bmc Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-11483 CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-25516 MEDIUM POC This Month

WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Integrator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-27993 MEDIUM POC This Month

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hrsale
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
2.5%
CVE-2020-27887 HIGH PATCH This Week

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection PHP Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11485 HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE CSRF Nvidia Bmc Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-4724 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-4723 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-4722 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-4721 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-27656 LOW POC Monitor

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager
NVD
CVSS 3.1
3.7
EPSS
0.5%
CVE-2020-25646 HIGH PATCH This Week

A flaw was found in Ansible Collection community.crypto. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Community Crypto
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5936 HIGH This Week

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5933 HIGH This Week

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5931 HIGH This Week

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5937 HIGH This Week

On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11616 HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11615 HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11489 HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11487 HIGH This Week

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-27747 MEDIUM This Month

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Passwordstate
NVD GitHub
CVSS 3.1
6.8
EPSS
1.1%
CVE-2020-11488 MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Jwt Attack Nvidia Bmc Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-5934 MEDIUM This Month

On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-5938 MEDIUM This Month

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-21266 MEDIUM This Month

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Broadleaf Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-5935 MEDIUM This Month

On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-14323 MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-26205 MEDIUM PATCH This Month

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11484 MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-5932 MEDIUM This Month

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Application Security Manager
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-4864 MEDIUM PATCH This Month

IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-27650 LOW Monitor

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Synology Information Disclosure Diskstation Manager Skynas Firmware
NVD
CVSS 3.1
3.7
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy