Skip to main content
CVE-2020-28046 HIGH POC This Week

An issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Prolinos
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-28045 HIGH POC This Week

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Prolinos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27992 HIGH POC This Week

Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dr Fone
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27708 HIGH POC This Week

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Origin
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14425 HIGH POC THREAT This Week

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Foxit Reader
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
39.4%
CVE-2020-7758 HIGH POC PATCH This Week

This affects versions of package browserless-chrome before 1.40.2-chrome-stable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Chrome
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-9368 HIGH POC This Week

The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Olea Gift On Order
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-8183 HIGH POC This Week

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-28030 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-11155 HIGH This Week

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Qca6390 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11154 HIGH This Week

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8053 Firmware Qca6390 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-11114 HIGH This Week

u'Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Ar9344 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-11156 HIGH This Week

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Qca6390 Firmware Qcn7605 Firmware Qcs404 Firmware +5
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-11141 HIGH This Week

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware Qca6390 Firmware +6
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2020-3696 HIGH PATCH This Week

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Qualcomm Denial Of Service Memory Corruption Apq8009 Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3694 HIGH PATCH This Week

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Bitra Firmware Nicobar Firmware Saipan Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3693 HIGH PATCH This Week

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3690 HIGH This Week

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Bitra Firmware Kamorta Firmware +26
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3684 HIGH This Week

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Apq8009 Firmware Apq8098 Firmware +42
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3678 HIGH This Week

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Kamorta Firmware Qcs404 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3638 HIGH This Week

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Bitra Firmware Kamorta Firmware +13
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11174 HIGH PATCH This Week

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Agatti Firmware Apq8009 Firmware Apq8017 Firmware +48
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11164 HIGH This Week

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Agatti Firmware Apq8096Au Firmware Apq8098 Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11162 HIGH PATCH This Week

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Agatti Firmware Apq8009 Firmware Bitra Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11125 HIGH PATCH This Week

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Agatti Firmware Apq8009 Firmware +46
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-28043 HIGH PATCH This Week

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9861 HIGH This Week

A stack overflow issue existed in Swift for Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swift
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5658 HIGH This Week

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-5655 HIGH This Week

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-5654 HIGH This Week

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-5652 HIGH This Week

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Q Q04Udpvcpu Firmware Melsec Q Q06Udpvcpu Firmware Melsec Q Q13Udpvcpu Firmware Melsec Q Q26Udpvcpu Firmware +47
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-28033 HIGH This Week

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-10937 HIGH PATCH This Week

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ipfs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-3704 HIGH This Week

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state.(This CVE is equivalent to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Agatti Firmware Apq8009 Firmware Apq8017 Firmware +43
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-11157 HIGH This Week

u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8053 Firmware Apq8076 Firmware Mdm9640 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-11173 HIGH PATCH This Week

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Agatti Firmware Apq8053 Firmware +31
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy