Skip to main content
CVE-2020-7384 HIGH POC THREAT Act Now

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Metasploit
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
30.6%
CVE-2020-27996 HIGH POC PATCH This Week

An issue was discovered in SmartStoreNET before 4.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Smartstorenet
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-27653 HIGH POC This Week

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager Diskstation Manager
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2020-27652 HIGH POC This Week

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Skynas Firmware
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2020-27651 HIGH POC This Week

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-25780 HIGH POC This Week

In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Commcell
NVD
CVSS 3.1
7.5
EPSS
9.9%
CVE-2020-27887 HIGH PATCH This Week

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection PHP Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11485 HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE CSRF Nvidia Bmc Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-4724 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-4723 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-4722 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-4721 HIGH PATCH This Week

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption I2 Analysts Notebook
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-25646 HIGH PATCH This Week

A flaw was found in Ansible Collection community.crypto. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Community Crypto
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5936 HIGH This Week

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5933 HIGH This Week

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5931 HIGH This Week

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5937 HIGH This Week

On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11616 HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11615 HIGH This Week

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-11489 HIGH This Week

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-11487 HIGH This Week

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy