Skip to main content
CVE-2020-11174 HIGH PATCH This Week

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Agatti Firmware Apq8009 Firmware Apq8017 Firmware +48
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11164 HIGH This Week

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Agatti Firmware Apq8096Au Firmware Apq8098 Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11162 HIGH PATCH This Week

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Agatti Firmware Apq8009 Firmware Bitra Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11125 HIGH PATCH This Week

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Agatti Firmware Apq8009 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-28043 HIGH PATCH This Week

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9861 HIGH This Week

A stack overflow issue existed in Swift for Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swift
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5658 HIGH This Week

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-5655 HIGH This Week

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-5654 HIGH This Week

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-5652 HIGH This Week

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Q Q04Udpvcpu Firmware Melsec Q Q06Udpvcpu Firmware Melsec Q Q13Udpvcpu Firmware Melsec Q Q26Udpvcpu Firmware +47
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-28033 HIGH This Week

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-10937 HIGH PATCH This Week

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ipfs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-3704 HIGH This Week

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state.(This CVE is equivalent to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Apq8009 Firmware Apq8017 Firmware +43
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-11157 HIGH This Week

u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8053 Firmware Apq8076 Firmware Mdm9640 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-11173 HIGH PATCH This Week

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Agatti Firmware Apq8053 Firmware +31
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2020-28044 MEDIUM This Month

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Prolinos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-6014 MEDIUM This Month

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft RCE Endpoint Security
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-5657 MEDIUM This Month

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-8173 LOW POC Monitor

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
2.2
EPSS
0.4%
CVE-2020-28038 MEDIUM This Month

WordPress before 5.5.2 allows stored XSS via post slugs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2020-28034 MEDIUM This Month

WordPress before 5.5.2 allows XSS associated with global variables. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-27359 MEDIUM This Month

A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-15914 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Origin Client
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-26939 MEDIUM PATCH This Month

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fips Java Api Legion Of The Bouncy Castle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-28040 MEDIUM This Month

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Debian Linux Ubuntu Linux
NVD WPScan
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-28031 MEDIUM This Month

eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Eramba
NVD
CVSS 3.1
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy