Skip to main content
CVE-2020-25592 CRITICAL POC PATCH THREAT Emergency

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
57.5%
CVE-2020-16846 CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2020-28328 HIGH POC THREAT Act Now

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Suitecrm
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
63.3%
CVE-2020-26214 CRITICAL POC PATCH THREAT Act Now

In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Alerta
NVD GitHub
CVSS 3.1
9.8
EPSS
65.9%
CVE-2020-28250 CRITICAL POC Act Now

Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nvt Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-27347 HIGH POC PATCH This Week

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Tmux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-27589 HIGH POC PATCH This Week

Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Hub Rest Api Python
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-28241 MEDIUM POC PATCH This Month

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libmaxminddb Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-5795 MEDIUM POC This Month

UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE TP-Link Archer A7 Firmware
NVD
CVSS 3.1
6.2
EPSS
1.0%
CVE-2020-28249 MEDIUM POC PATCH This Month

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Joplin
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2020-28168 MEDIUM POC PATCH MAL This Month

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js SSRF Axios Sinec Ins
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%
CVE-2020-3284 CRITICAL Act Now

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple A9K Rsp880 Se Firmware Ios Xr +42
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-25172 CRITICAL Act Now

A relative path traversal attack in the B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Onlinesuite Application Package
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-26892 CRITICAL PATCH Act Now

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Nats Server Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-5648 CRITICAL Act Now

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Coreos
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-5647 CRITICAL Act Now

Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coreos
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-5644 CRITICAL Act Now

Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Coreos
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-27152 MEDIUM POC PATCH This Month

An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-28327 MEDIUM POC PATCH This Month

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Certified Asterisk Asterisk
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-15259 HIGH PATCH This Week

ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE CSRF Ad Ldap Connector
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-3371 HIGH This Week

A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection RCE Integrated Management Controller
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-7198 HIGH This Week

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Oneview Synergy Composer Synergy Composer 2
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-10292 HIGH This Week

Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Visual Components Network License Server
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2020-3604 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Microsoft RCE Webex Meetings
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-3603 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Microsoft RCE Webex Meetings +1
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2020-3600 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3595 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3594 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3593 HIGH PATCH This Week

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3588 HIGH PATCH This Week

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Cisco RCE Microsoft Path Traversal Webex Meetings
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3573 HIGH This Week

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Microsoft RCE Webex Meetings +1
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-5794 HIGH This Week

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nessus Network Monitor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25174 HIGH This Week

A DLL hijacking vulnerability in the B. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onlinesuite Application Package
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25170 HIGH This Week

An Excel Macro Injection vulnerability exists in the export feature in the B. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Onlinesuite Application Package
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-15708 HIGH This Week

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu RCE Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3574 HIGH PATCH This Week

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Ip Dect 210 Firmware Ip Dect 6825 Firmware Ip Phone 8811 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2020-3444 HIGH This Week

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26213 HIGH PATCH This Week

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Docker Teler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-8580 HIGH This Week

SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E Series Santricity Os Controller
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-27196 HIGH PATCH This Week

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Play Framework
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26883 HIGH PATCH This Week

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Play Framework
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-26882 HIGH PATCH This Week

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Play Framework
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10291 HIGH This Week

Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visual Components Network License Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-28196 HIGH PATCH This Week

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5 Fedora Active Iq Unified Manager Cloud Backup +7
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-26521 HIGH PATCH This Week

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Nats Server Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5649 HIGH This Week

Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coreos
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-5646 HIGH This Week

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Coreos
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-5645 HIGH This Week

Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Coreos
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-3556 HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-27129 MEDIUM This Month

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Sd Wan Vmanage
NVD
CVSS 3.1
6.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy